The National Cyber Security Centre defines Cyber Essentials as ‘an effective Government backed scheme that will help you protect your organisation, whatever its size, against a wide range of the most common cyber attacks’.
However, not only does it provide your business with an additional layer of protection which will help protect it from these ever-present cybercriminals, but it also helps you demonstrate your commitment to cyber security to your customers, employees, and partners.
How exactly does it protect your business, I hear you ask? The Cyber Essentials scheme provides a solid framework for businesses to follow, ensuring that the cornerstones of business IT are sensibly configured and well-protected. In turn, the certification received shows your clients and partners that you’ve done all you can to protect your business against the most basic forms of cybercrime, such as phishing and ransomware attacks.
You can think of it as the digital equivalent of having a ‘Beware of Dog’ sign on your front porch or garden. The sign alerts potential intruders that their attempt to breach your property may be met with resistance; in the same way, a Cyber Essentials certification displayed on your website tells a cybercriminal that what they are planning may ultimately be an unsuccessful cyber-attack, deterring them from committing to it.
The UK’s Department for Science, Innovation & Technology states that ‘a total of 132,094 Cyber Essentials certificates have been awarded since the scheme began’, a staggering statistic highlighting just how much of a priority UK businesses place on cybersecurity.
Cyber Essentials is made up of the following five foundational pillars:
Now, I’m sure you’re thinking at this stage: is a Cyber Essentials certification worth having? Our cybersecurity experts can assure you that it definitely is. As we covered in the introduction to this blog, cybercrime is on the rise, and with each passing year, cybercriminals are finding more intuitive means of breaching your business.
Having a Cyber Essentials certification is the minimum your business can do in this day and age to alert these cyber attackers that your business takes cybersecurity seriously. By not having a Cyber Essentials certification, you are essentially letting each and every cybercriminal know that your business is a prime, unsuspecting target that will, more likely than not, be attacked successfully.
Having a Cyber Essentials certification will give you peace of mind that you’ve done the minimum required to deter cybercriminals and protect your business.
Furthermore, businesses must renew the Cyber Essentials certification on an annual basis. The requirements are reviewed and will change each year to ensure businesses keep up to date with the latest technology and can protect themselves adequately.
The advanced Cyber Essentials certification, Cyber Essentials PLUS, follows on from obtaining the standard certification.
The PLUS iteration of Cyber Essentials can only be attained by having an external assessment carried out by independent regulators who will assess the five foundational pillars which we covered earlier and gather evidence as proof that your systems are secure.
Whilst the standard Cyber Essentials certification focuses primarily on the basic assurance of security controls and processes, Cyber Essentials Plus offers comprehensive validation through rigorous rounds of testing to ensure your cybersecurity defences are well-equipped to deal with cybercrime effectively.
Assessors will review a sample set of your workstations and servers, test your email filtering and antivirus software, and will carry out external penetration tests against your company firewalls. A specialist vulnerability scanning tool will also be used on a selection of your devices to verify they are kept up to date and are not vulnerable to cybersecurity threats.
All of these methods have been strategically planned to see whether your business cybersecurity standards are up to scratch with the requirements of a Cyber Essentials PLUS certificate.
The Cyber Essentials PLUS certification is tailor-made for organisations that are willing to leave no stone unturned when it comes to cybersecurity. Cybercriminals can breach your business, leading to a whole host of problems, including financial loss, reputational damage, and longer-term consequences (resources and budgets being stretched by the resulting cost of a cyber-attack).
It seems like every month a new corporate behemoth suffers at the hands of cybercriminals as it finds itself caught out by ingenious cybercrime techniques. The BBC recently reported that global bank Santander’s staff, along with 30 million customers, were hacked due to an unforeseen cyber incident. This story was released the day after the BBC posted an article stating that ‘data was allegedly stolen from 560 million Ticketmaster users’.
It is a scary world that we live in currently with the ever-constant threat of cybercrime looming around every corner. That’s why our cybersecurity experts at Netitude implore you to take the right steps to protect your business, such as completing your Cyber Essentials and Cyber Essentials PLUS certifications.
Cyber Essentials certifications should be revalidated annually. As we know, cybersecurity is an ever-changing beast, affected by the latest technological developments, for better or worse.
Therefore, regular, stringent assessments of the five core Cyber Essentials pillars are a must to ensure your business is compliant with security best practices and to help your organisation stay in good shape from a cybersecurity standpoint.
The short answer is yes; businesses that plan to improve their cybersecurity defences will need to complete the standard Cyber Essentials certification before moving on to the more advanced version in Cyber Essentials PLUS. If you are ready to go for Cyber Essentials PLUS, you will be required to complete the standard Cyber Essentials assessment as part of it.
When it comes to verifying a company’s compliance against Cyber Essentials, there tend to be three types of verifiers that are most commonly used:
A Cyber Essentials certification can be achieved fairly quickly; it just depends on the speed at which your organisation works to get the business up to scratch from a cybersecurity standpoint. Provided your business meets all requirements, the process of self-certifying via the web portal takes a couple of hours. An assessor will review your submission and pass or fail you within 2-4 business days.
Businesses must bear in mind that potential delays and roadblocks could be incurred upon submission, which may prolong this process. We are not able to give an exact timeframe for a Cyber Essentials PLUS certification as the process can vary considerably on a case-by-case basis.
On the whole, achieving a Cyber Essentials accreditation is much more manageable if you have a Managed IT Service Provider (MSP) like Netitude. Our technology experts will be on hand to guide you through the entire process, whether that’s Cyber Essentials or Cyber Essentials PLUS, so you can rest assured that our experienced tech consultants and qualified CREST-accredited cybersecurity partners can provide skilled support throughout the process.
Cyber Essentials is a fantastic step to take for small-to-medium-sized businesses (SMEs), as it gives a framework to work towards and helps business owners understand why certain changes need to be made to secure their systems and data.
Everything in the assessment is backed by the National Cyber Security Centre, so you know you’re following expert guidance which is always reviewed and kept up to date.