Cyber Essentials is a self-assessment certificate which helps protect your organisation against most common cyber attacks. The certification process is light-weight and relatively easy to follow. You will need to select a Certification Body and complete their questionnaire, they will then conduct an external vulnerability scan on a random sample of your internet facing devices.
What Is Cyber Essentials?
Cyber Essentials is a government-backed scheme to protect organisations, whatever their size, against a range of the most common cyber attacks. It does so by implementing the basic technical controls that are proven to reduce cyber attacks.
With the majority of business data now stored online, it’s important to ensure IT systems are secure. This is often achieved through the implementation of technical controls, like firewalls and anti-virus software which help to prevent unauthorized access and theft of information.
The Cyber Essentials Certification scheme is a simple way for small businesses to demonstrate their ability to defend against the most common cyber attacks.
Why Is It Essential?
Having Cyber Essentials certification demonstrates that you have a minimum level of security in place, which is essential for your customers to trust you. More and more businesses are looking to work with suppliers that have this level of certification. It’s also becoming common for local authorities and government to make Cyber Essentials a requirement for tendering contracts.
Cyber Essentials isn’t a complete solution to cyber security, but it’s a good start. By putting the five technical controls in place, it will help you to fend off 80% of cyber attacks.
What Is The Process Like?
Achieving Cyber Essentials certification is a light-weight process that requires little time or effort. It involves a self-assessment questionnaire that is reviewed by an external certifying body. The assessment can be broad or narrow, depending on the scope of your business and the IT systems you’re concerned about protecting.
Previously, the certification process included an external vulnerability scan, but this is no longer a requirement (as of April 2020). A pre-assessment is available which can significantly reduce the time and cost of an assessment.
The certificate and branding package is provided once you’ve successfully completed the assessment. It can be displayed on your website and is recognised by the NCSC as an official scheme certificate.
What Are The Benefits?
Cyber Essentials helps to reduce the risk of unauthorised access to a business’s IT systems. This means that customers, suppliers and partners can trust that a company has the technical controls in place to prevent cyber attacks.
By implementing the five basic technical controls of the Cyber Essentials scheme, businesses are protected from 80% of common cyber threats. This is because most cyber attacks look for organisations that have not implemented these essential security measures.
Additionally, by becoming certified with Cyber Essentials, your organisation is added to the NCSC database of Certified Organisations. This is a public listing of your commitment to cyber security and can help build trust with current and prospective clients.