Why do you need the Cyber Essentials Certification?

2017-11-16T14:59:57+00:00

Written by Rob Young, Group Managing Director – 24th November 2016

Achieving a strong cyber security structure for your business can consume significant amounts of time, money, specialist expertise and resource. The Cyber Essentials Scheme is a Government-backed, industry-recognised certification for cyber security.

What is the Cyber Essentials Scheme?

Cyber Essentials enables all UK businesses to adhere to a series of cyber security principles that safeguard their business data and their clients' data, and to participate in high-value tenders that require this certification. Unlike other schemes that are not Government backed, Cyber Essentials is very affordable and well recognised in industry.

It helps businesses mitigate phishing attacks, including malware and malicious email and website links, and reduce hacking opportunities by examining the known vulnerabilities in internet-connected servers and devices. Risks and weaknesses are identified in an audit prior to the certification submission.

The Cyber Essentials certification framework

Within the two Cyber Essentials certification options (Standard and Plus), the following five security controls are verified.

  1. Boundary firewalls and internet gateways
  2. Secure configuration
  3. Access control
  4. Malware protection
  5. Patch management

Why choose Cyber Essentials?

Properly implemented cyber security has the additional advantage of driving business efficiency throughout the organisation, saving money and improving productivity. The five security controls that form the framework of both Cyber Essentials certifications could prevent “around 80% of cyber attacks”.

The benefits of Cyber Essentials

Risk Mitigation

Cyber Essentials helps businesses identify risks they face when it comes to cyber security. In order to achieve certification, there needs to be specific processes and structures in place each year.

Stand Alone Assurance

Broader standards and frameworks such as ISO 27001 provide a different type of protection. As Cyber Essentials is a stand-alone assurance programme, it’s affordable for all businesses. Many businesses that already have ISO 27001 also have Cyber Essentials.

Protection from Cyber Threats

Thousands of businesses every year fall victim to cyber security attacks, which cost time and money and potentially cause the loss of company and client data. Cyber Essentials ensures cyber security processes are in place to help prevent these attacks.

Data Protection

At present, data protection is regulated by the Data Protection Act 1998, which is very dated. However, within the next two years the new EU General Data Protection Regulation (GDPR) will come into force. Business owners are now solely responsible for the security of clients’ data in line with the new regulation. Cyber Essentials helps identify weaknesses and puts processes in place to protect data.

Customer Reassurance

Many high-value tenders now require ISO 27001 certification as well as Cyber Essentials, as it’s an industry-recognised starting block that demonstrates strong compliance.

What’s covered in Cyber Essentials Certifications?

1: Boundary firewalls and internet gateways

Using boundary firewalls to monitor traffic to your server(s) enables you to better understand and manage your bandwidth requirements, and can potentially block attackers and external threats.

2: Secure configuration

By ensuring your computers and network devices are configured properly, you can identify systems or databases that you no longer need or use. You will have the opportunity to reduce your overall storage and bandwidth consumption, as well as reducing the level of inherent security vulnerabilities.

3: Access control and administrative privilege management

Managing access control and administrative privileges erodes the opportunity for staff to install time-wasting software onto their computers, as well as removing the insider threat.

4: Malware protection

Implementing appropriate malware protection has its obvious security advantages, but an often overlooked hidden benefit is the time and cost savings that result from avoiding devices being out of action.

5: Patch management

Keeping on top of software patching and licensing makes your company more productive, as well as more secure. Patches often improve the performance of the products they apply to, and remove issues that slow down employees, such as crashes and poor performance caused by congested networks.

How is Cyber Essentials Plus different to the Standard?

Cyber Essentials Plus is more comprehensive and is awarded by Crest, an accredited Certification Body, after validation. The Cyber Essentials Standard is a self-certified certification.

The two types of Cyber Essentials certification

Cyber Essentials Standard

This affordable certification is awarded on the basis of a verified self-assessment. However, to achieve this, the business needs to put in place a series of detailed policies and processes, which take time to assess and implement. Infinity Group helps businesses to then undertake their own assessment via the online self-certified questionnaire. This questionnaire is then verified by one of our independent Assessors to confirm whether the certification criteria have been achieved. Cyber Essentials Standard is awarded as a result.

Ideal for businesses who:

  • Want to demonstrate Government backed IT Security compliance
  • Are looking for an enhancement of their ISO 27001 certification
  • Are keen to work towards obtaining the Cyber Essentials Plus Certification

Cyber Essentials Plus

The Cyber Essentials Plus certification can only be obtained by a business after the Cyber Essentials Standard has been awarded. This fully audited certification is awarded by an external Certification Body and offers a higher level of assurance through the external testing of the business’ cyber security approach. A thorough security scan of the network is undertaken by us and all vulnerabilities are identified.

Ideal for businesses who:

  • Want to tender for large value projects
  • Work with highly regulated industries
  • Are looking for an enhancement of their ISO 27001 certification

Our Cyber Essentials packages

Our affordable Cyber Essentials packages include an on-site audit of your current setup, including a list of recommendations in line with Cyber Essentials’ strict certification criteria. The Plus certification is awarded by Crest, the official Cyber Essentials accreditation body.

Some clients decide to complete the recommendations identified in our audit themselves before we submit them for the Cyber Essentials Plus certification or they submit themselves for the Cyber Essentials Standard certification. Others prefer us to make those recommendations.

We offer Cyber Essentials audits from as little as £995, subject to company size and type of audit. Please get in touch to find out more; alternatively, you may wish to download our Cyber Essentials brochure.

 
