Cyber Essentials – the who, what, where, when and why

For many of our clients, they know they need to achieve Cyber Essentials accreditation but they don’t actually know what it entails, what exactly it’s for and what it all means. In this blog, our Cyber Essentials expert, Rob Kneller, explains all, answering the questions that we often hear from clients and hopefully shedding some light on the Cyber Essentials certification scheme.

What is Cyber Essentials?

Launched in 2014, Cyber Essentials is a UK government-backed certification scheme to help organisations protect themselves against cyber threats.  It’s suitable for businesses and organisations of all shapes and sizes, across all sectors and provides a clear framework to highlight which basic cyber security steps and measures you should be implementing to keep your business safe. 

There are two levels of certification:

Cyber Essentials – a self-assessment option, reviewed by a certification body such as Kit365.

Cyber Essentials Plus – a more rigorous option, which includes an on-site assessment and provides a higher level of assurance.

Once achieved, Cyber Essentials certification is valid for 12 months.

Why should my organisation go for Cyber Essentials accreditation?

Aside from helping to keep your business safe, Cyber Essentials certification is actually a mandatory requirement for organisations that want to work with any UK government department, as well as many public sector organisations and their suppliers. And, it shows your customers, partners and prospects that you’re committed to implementing the most robust cyber security measures, helping to keep them safe too.

What are the benefits of Cyber Essentials?

1. Protection against common cyber attacks.
2. Ability to demonstrate to your customers and partners that you take cyber security seriously.
3. Compliance with regulations.
4. Access to new business opportunities that require Cyber Essentials certification.

What’s needed to achieve Cyber Essentials accreditation?

At the heart of Cyber Essentials are five technical controls:

1. Firewalls – virtual barriers between your network and systems and the outside world. The right firewall will block unauthorised access to your network.
2. Secure configuration – minimising vulnerabilities in your systems and devices through security measures. This could include changing passwords, reconfiguring security settings or removing old, obsolete software. 
3. User access controls – making sure only authorised users have access to data and systems. This often involves strengthening your password policies and implementing multi-factor authentification.
4. Malware protection – security measures and solutions, such as regularly updated anti-virus software, to detect and prevent malware attacks. 
5. Patch management – regularly updating your software and systems to prevent vulnerabilities that could be exploited by cyber criminals.

What’s involved in achieving Cyber Essentials certification?

There are three main steps to achieve Cyber Essentials accreditation:

1. Self-assessment

You first complete a self-assessment questionnaire to see how your current cyber security measures hold-up against what’s listed in the Cyber Essentials framework.

2. External assessment

 An accredited Cyber Essentials Certification Body (like Kit365) will then review your self-assessment and will perhaps carry our other tests to ensure compliance with the criteria.

3. Certification

Once the Certification Body is satisfied that your organisation has met all the requirements of the scheme, you’ll be awarded with a Cyber Essentials certification.

You don’t have to go it alone

Kit365 is a Cyber Essentials Certification Body. That means that our expert team is on hand to help you to achieve accreditation, working alongside you to provide self-assessed or guided Cyber Essentials services. We can provide as much (or as little) help as you need, guiding you through the entire process, leaving no box unticked and no question unanswered. 

For more information on Cyber Essentials or to find out more about how we can help you navigate the framework, get in touch today.