Cyber Essentials is the UK Government-backed scheme administered through the National Cyber Security Centre (NCSC) that aims to show organisations how to protect themselves and prevent the most common cyber attacks. The NCSC claims Cyber Essentials can help eliminate the risk of 80% of cyber attacks. Organisations that achieve Cyber Essentials can demonstrate that they have considered and committed to boosting their defences against the threats of cybercrime and have reduced the vulnerability of their business by meeting an accredited government standard.
The Cyber Essentials scheme is not covered by binding regulation; instead, it offers organisations and businesses a means to demonstrate their commitment towards addressing cybersecurity by achieving an accredited and registered certification standard.
Not every organisation has the time or resources that are needed to develop a full-on approach to cybersecurity. So the Cyber Essentials scheme has been designed to fit with whatever level of commitment an organisation is able to sustain.
The simplest way is to start to familiarise yourself with cybersecurity terminology, gaining sufficient knowledge and awareness to begin securing your IT.
If as an organisation you need more certainty on how you apply cybersecurity, you can obtain basic or entry level Cyber Essentials.
For those organisations who need to take their cybersecurity to a higher level, you can go for Cyber Essentials Plus certification.
The Cyber Essentials scheme addresses the most common Internet-based threats to cybersecurity and considers these threats to be:
- Hacking — exploiting known vulnerabilities
- Phishing — and other ways of tricking users into installing or executing a malicious application
- Password guessing — manual or automated attempts to log on from the Internet, by guessing passwords
Small businesses in the UK are the target of an estimated 65,000 attempted cyber attacks every day, according to figures from a study from Hiscox, a specialist insurer.
According to Hiscox, almost one in three (30%) UK small businesses suffered a cyber breach last year – equivalent to over 4,500 successful attacks per day or one every 19 seconds.
Most small businesses recognise the threat that cyber criminals pose on a global scale but are less convinced of the risks facing their own operations, considering themselves ‘too small’ to be worthy targets, but this isn’t the case.
Attackers know that smaller organisations have less money and fewer resources to spend on security. The majority of cyber-attacks are automated and indiscriminate, exploiting known vulnerabilities in IT systems rather than targeting specific businesses.
So, vulnerability to a simple attack from a cyber criminal can mark you out as a target for a more in-depth sophisticated attack.
Cyber Essentials certification offers peace of mind that an organisation’s defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the appropriate technical controls in place.
Cyber Essentials Plus
Cyber Essentials Plus requires the same protections as Cyber Essentials, but this time the verification of your cybersecurity is carried out independently by a third-party Certification Body.
There are three steps to certification:
- Select a Certification Body through one of the Cyber Essentials Accreditation Bodies.
- Verify that your IT is suitably secure and meets the standards set by Cyber Essentials.
- Complete the questionnaire that your Certification Body will provide and verify on your behalf.
Selecting a Certification Body
Visit the Directory of Accreditation Bodies, read the details about each body, and choose one that feels like a good fit for your organisation, as they will perform the evaluation and award the Cyber Essentials Certificate.
Verify your IT is suitably secure
Cyber Essentials has a detailed set of requirements for an organisation's Information Technology. You'll need to make sure your systems and software meet these criteria before you move on to the next stage of certification.
You may be asked to source various forms of evidence before your chosen Certification Body can award certification.
Complete the self-assessment questionnaire
Having understood the Cyber Essentials requirements for installation, configuration and maintenance of your IT, you are ready to complete the Certification questionnaire and submit this to your Certification Body.
What is an Accreditation Body?
The Accreditation Bodies have been specially selected by the NCSC to oversee Cyber Essentials certification.
Cyber Essentials and GDPR
The GDPR, or General Data Protection Regulation, is designed to unify data privacy laws across the EU, giving EU citizens more control over their personal data and prescribing how organisations may use and must protect their subjects' data. All organisations that handle personal information of EU citizens must comply with the GDPR.
The regulation of GDPR in the UK and the notification of all data breaches is delivered via the Information Commissioner’s Office (ICO). Applying the technical controls of Cyber Essentials helps you demonstrate to the ICO that you are on the right path towards GDPR compliance. Cyber Essentials is recommended as a good starting point, but it’s not a complete solution for all your GDPR obligations.
Importance of Cyber Essentials
Cyber Essentials is an increasingly important certification to achieve for businesses and organisations of all sizes in the UK. The rise in awareness of the impacts of a cyber attack, or the financial and reputational consequences of data breaches, has rightly seen an increased demand for evidence that your business takes its responsibilities seriously and invests in cyber protection. Cyber Essentials reassures customers that you are working to secure your IT and their data against cyber attack.
Businesses must be prepared to be asked to show their commitment to maintaining cybersecurity, and Cyber Essentials certification shows you have made a promise to respond to incidents and take your responsibilities seriously.
For smaller businesses with little or no IT support or expertise, it provides a basic first step towards cybersecurity and can help build a relationship with a trusted IT supplier.
Cyber Essentials is just one step of the journey towards securing your organisation against cyber attacks. As an outside provider Worktools can do initial security assessments and ensure that everything is secure, both locally and through remote access. We can also help create your cybersecurity plan so you know how to prepare and if necessary respond to an incident.