Cyber Essentials is a scheme which enables organisations of all sizes and sectors to gain one of two certifications that demonstrates a commitment to cyber security.
The UK government worked with Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop the Cyber Essentials scheme to help organisations ensure they are protecting themselves against common online security threats.
Organisations can gain one of two Cyber Essentials badges; Cyber Essentials and Cyber Essentials Plus.
This is a self-assessment option that helps you demonstrate your organisation has implemented security in five technical areas (see below). The process has been designed to be light weight and easily manageable while at the same time providing a respected standard in cyber security. It is a 3 step process:
– Select a certification body
– Verify that your IT is suitably secure and meets the standards set by Cyber Essentials
– Complete the questionnaire and submit to the certification body
Cyber Essentials Plus
Exactly the same as above plus your cyber security is verified by independent experts.
The Five Technical Areas
1. Use a firewall to secure your internet connection
2. Choose the most secure settings for your devices and software
3. Control who has access to your data and services
4. Protect yourself from viruses and other malware
5. Keep your devices and software up to date
Organisations must meet all the requirements for each area in order to achieve certification.
Implementing all of the security within the five technical areas will help your organisation tighten its IT security and protect itself from the most common cyber attacks. Achieving the the certification shows your commitment to protecting your own data and that of your customers and clients; increasing the reputation of your business by demonstrating to business partners and clients that you are working in a safe and secure environment. It should also be noted that to win any government contracts you must be Cyber Essentials certified, possibly providing new business opportunities for your organisation.
We believe Cyber Essentials is a great scheme to help organisations move towards protecting themselves in the increasing risk landscape of cyber attacks.