Cyber Essentials Certification

Helping secure your organisation against common cyber attacks

Meeting the Cyber Essentials Certification scheme requirements will really prove its worth.

As the owner of a business or charity you need to be aware of the risks of cyber-attacks.  These include hacking and viruses that can threaten customer data and confidential information.

Frequently, cyber-crime is not even especially sophisticated but it can still cause damage to IT systems and data too.

Ciaran Martin, CEO of the National Cyber Security Centre, says, “By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities”.

There is also great fear of new tech in case it is vulnerable to attack.  Mike Cherry from the Federation of Small Businesses explains that “some businesses refrain from embracing new technology as they fear the repercussions and do not believe they will get adequate protection from crime.

“In the face of an ever-increasing threat of cyber-attacks, the NCSC supports White House call for increased cyber security precautions, with the scheme as an additional and important tool, designed to help reduce the risk to small firms and improve the resilience of the sector.”

The fact is that even if you think you are safe from cyber-crime, there are always criminals trying to break into your systems.  Chances are they have already succeeded, whether you are aware of it or not.   According to James Snook, Deputy Director in the government’s Office for Cyber Security,

“My message for companies that think they haven’t been attacked is:  you’re not looking hard enough”.

“My message for companies that think they haven’t had a cyber attack is: you’re not looking hard enough”.
James Snook, Deputy Director of the Office for Cyber Security and Information Assurance (OCSIA)

Cyber Essentials Self-Assessment is a scheme that shows you how to address those basics and prevent the most common attacks.

As the majority of cyber-attacks exploit basic weaknesses in your IT systems and software, this will help uncover where the gaps are and help you plug them.  It was designed by the Government to make it easy for you to protect yourself.

“This scheme focuses on the core set of actions that businesses should be taking to protect themselves, their customers, and their brand. Cyber Essentials enables businesses to demonstrate that they are taking action to control the risks”

The self-assessment requires an organisation to complete a questionnaire, with responses independently reviewed by an external certifying body.

To helps prevent the vast majority of cyber-attacks, Cyber Essentials is a good first step.  Even a simple virus or piece of malware could result in loss of company and client data, disrupt your cash flow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation.

Hacking and viruses are getting more and more advanced, according to Christopher Graham from the Information Commissioner’s Office. He recommends Cyber Essentials, explaining:

It could even be reported in the local media, risking customer confidence even further. As Christopher Graham explains, “The knock-on effect of a data breach can be devastating. When customers start taking their business elsewhere, that can be a real body blow”.

 

Plus, of course, any loss of data could breach the Data Protection Act and lead to fines or prosecution.

Having a Cyber Essentials badge will:

  • Protect your organisation against common cyber threats
  • Show your customers you take this issue seriously
  • Enable you to bid for Government contracts.

Since October 2014, Cyber Essentials has been mandatory for suppliers of Government contracts that involve handling personal information and providing some ICT products and services. Holding a Cyber Essentials Certification enables you to bid for these contracts.

Cyber Essentials Certification

Cyber Essentials Plus covers the same requirements as Cyber Essentials Self-Assessment but audits of the systems are carried out by an external certifying body, using a range of tools and techniques.

The audit carried out for the Cyber Essentials Plus is a great way of making sure you are keeping your organisation secure.

Cyber Essentials PLUS

IASME

IASME Cyber Assurance was developed over several years during a Technology Strategy Board funded project to create a cyber security standard that would be an affordable and achievable alternative to the international standard, ISO27001.

The Cyber Assurance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking positive steps to properly protect their customers’ information.

Assessments include the Cyber Essentials assessment and is available either as a self-assessment or an on-site audit. Since the 1st March 2017, it has also included an optional assessment against the GDPR requirements.

Our Cyber Security Recommendation

If you are a Small Business, Charity or Not-for-Profit organisation, we would recommend following the IASME Cyber Assurance standard, alongside Cyber Essentials Plus.

It protects and controls a whole lot more without being as onerous as ISO27001, and it is a fantastic stepping stone to meet that standard in the future.

Need Advice From Our
Cyber Essentials Team?

Fill out the form and we’ll get straight back to you

Please let us know what's on your mind. Have a question for us? Ask away.
This field is for validation purposes and should be left unchanged.