
Cyber Essentials Scheme Explained: A Go-To Guide for UK Businesses

Written by David West | 28-Jun-2024 07:00:00

Understanding Cyber Essentials: A Comprehensive Guide

The National Cyber Security Centre defines Cyber Essentials as ‘an effective Government-backed scheme that will help you protect your organisation, whatever its size, against a wide range of the most common cyber attacks’. However, not only does it provide your business with an additional layer of protection, which helps protect it from these ever-present cybercriminals, but it also demonstrates your commitment to cybersecurity to your customers, employees, and partners.

What is Cyber Essentials?

How exactly does it protect your business, I hear you ask? The Cyber Essentials scheme provides a solid framework for companies to follow, ensuring that the cornerstones of business IT are sensibly configured and well-protected. In turn, the certification received demonstrates to your clients and partners that you’ve taken all necessary steps to protect your business against the most basic forms of cybercrime, such as phishing and ransomware attacks.

You can think of it as the digital equivalent of having a ‘Beware of Dog’ sign on your front porch or garden. The sign tells potential intruders that any attempt to breach your property may be met with resistance; in the same way, a cybercriminal who sees a Cyber Essentials certification displayed on your website knows that the basic controls are in place, and that an attack is more likely to fail.

The UK’s Department for Science, Innovation & Technology states that ‘a total of 132,094 Cyber Essentials certificates have been awarded since the scheme began’, a staggering statistic highlighting just how much of a priority UK businesses place on cybersecurity.

What Does Cyber Essentials Include?

Cyber Essentials is made up of the following five foundational pillars:

  1. Firewalls and Internet Gateways: In layman’s terms, it’s probably easiest to imagine a firewall as a security guard for your personal computer or wider network. A firewall monitors incoming and outgoing internet traffic and classifies each inbound connection as either trusted traffic to allow or a potential intrusion to block. In essence, firewalls help keep your digital space secure, making them well worth having.
  2. Secure Configuration: This foundational pillar refers to configuring your devices, software, and systems to minimise security risks across your business. Secure configuration practices may involve regularly changing default passwords, disabling inactive accounts, and limiting privileges by assigning appropriate permissions.
  3. User Access Control: User Access Control is exactly what you’d imagine it to be; it revolves around managing who can do what within a specific system or network. Common User Access Control practices include applying the principle of least privilege and using Role-Based Access Control (RBAC).
  4. Malware protection: Malware (also known as malicious software) protection involves installing and regularly updating antivirus software across all devices within a business’s IT infrastructure. This pillar also includes conducting regular anti-malware scans to promptly identify and eliminate malware.
  5. Patch Management: Last, but certainly not least, we have patch management. This step includes keeping organisational software and systems up to date with security patches (software updates designed to fix vulnerabilities within programs or computer systems).
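To make the five control areas concrete, here is an added example (written for this post, not part of the Cyber Essentials scheme's own tooling or the original article) that audits a small, constructed device inventory against each pillar and reports which controls fail on which machine. The thresholds (patch window, definition age, idle-account age, number of standing admins) and the data model are assumptions chosen for illustration, not figures taken from the scheme.

```python
"""Toy audit of a constructed device inventory against the five Cyber Essentials
control areas. Added example code; all thresholds below are assumptions."""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumed thresholds for this example (not figures taken from the post or the scheme).
MAX_PATCH_AGE_DAYS = 14        # a released security patch older than this counts as overdue
MAX_AV_SIGNATURE_AGE_DAYS = 7  # anti-malware definitions older than this count as stale
MAX_ACCOUNT_IDLE_DAYS = 90     # an enabled account unused for longer counts as "inactive"
MAX_ADMIN_ACCOUNTS = 2         # more standing admins than this suggests privilege is not limited


@dataclass
class Account:
    name: str
    is_admin: bool
    last_login: date
    enabled: bool = True


@dataclass
class Device:
    hostname: str
    firewall_enabled: bool
    default_credentials_changed: bool
    av_installed: bool
    av_signature_date: date
    oldest_missing_patch_released: Optional[date]  # None means fully patched
    accounts: list = field(default_factory=list)


def assess_device(dev: Device, today: date) -> dict:
    """Return {control_name: [finding, ...]}; an empty list means that control passes."""
    findings = {
        "firewalls": [],
        "secure_configuration": [],
        "user_access_control": [],
        "malware_protection": [],
        "patch_management": [],
    }
    # 1. Firewalls and internet gateways: a host firewall must be switched on.
    if not dev.firewall_enabled:
        findings["firewalls"].append("host firewall is disabled")
    # 2. Secure configuration: default credentials changed, inactive accounts disabled.
    if not dev.default_credentials_changed:
        findings["secure_configuration"].append("default credentials still in use")
    for acct in dev.accounts:
        idle = (today - acct.last_login).days
        if acct.enabled and idle > MAX_ACCOUNT_IDLE_DAYS:
            findings["secure_configuration"].append(
                f"account '{acct.name}' enabled but idle for {idle} days")
    # 3. User access control: keep standing administrative privilege to a minimum.
    admins = [a.name for a in dev.accounts if a.enabled and a.is_admin]
    if len(admins) > MAX_ADMIN_ACCOUNTS:
        findings["user_access_control"].append(
            f"{len(admins)} enabled admin accounts: {', '.join(admins)}")
    # 4. Malware protection: anti-malware installed and its definitions kept current.
    if not dev.av_installed:
        findings["malware_protection"].append("no anti-malware software installed")
    else:
        sig_age = (today - dev.av_signature_date).days
        if sig_age > MAX_AV_SIGNATURE_AGE_DAYS:
            findings["malware_protection"].append(f"anti-malware definitions {sig_age} days old")
    # 5. Patch management: security patches applied within the assumed window.
    if dev.oldest_missing_patch_released is not None:
        patch_age = (today - dev.oldest_missing_patch_released).days
        if patch_age > MAX_PATCH_AGE_DAYS:
            findings["patch_management"].append(f"security patch outstanding for {patch_age} days")
    return findings


def assess_estate(devices, today: date):
    """Return (overall_pass, {hostname: findings}); one failing control anywhere fails the estate."""
    report = {d.hostname: assess_device(d, today) for d in devices}
    overall = all(not f for per_dev in report.values() for f in per_dev.values())
    return overall, report


# Constructed sample inventory (hypothetical hosts and accounts, not real systems).
TODAY = date(2024, 6, 28)
SAMPLE_DEVICES = [
    Device("laptop-01", True, True, True, date(2024, 6, 27), None,
           [Account("alice", False, date(2024, 6, 27)),
            Account("it-admin", True, date(2024, 6, 20))]),
    Device("server-01", True, False, True, date(2024, 5, 1), date(2024, 5, 20),
           [Account("svc-backup", False, date(2024, 1, 10)),
            Account("root", True, date(2024, 6, 1)),
            Account("dbadmin", True, date(2024, 6, 1)),
            Account("webadmin", True, date(2024, 6, 1))]),
    Device("laptop-02", False, True, False, date(2024, 6, 1), None,
           [Account("bob", False, date(2024, 6, 25))]),
]

if __name__ == "__main__":
    ok, report = assess_estate(SAMPLE_DEVICES, TODAY)
    print("overall:", "PASS" if ok else "FAIL")
    for host, controls in report.items():
        for control, msgs in controls.items():
            for msg in msgs:
                print(f"  {host:10} {control:22} {msg}")
```

Run as written, the script reports a FAIL for the estate: laptop-01 is clean, server-01 fails secure configuration (default credentials, an idle service account), access control (three standing admins), malware protection (stale definitions) and patch management, and laptop-02 fails on the firewall and on having no anti-malware installed. The point of the structure is that each pillar maps to a small, checkable rule, which is what a self-assessment or a PLUS assessor's sampling is ultimately verifying.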

Is Cyber Essentials Worth Having?

Now, I’m sure you're thinking at this stage, is a Cyber Essentials certification worth having? Our cybersecurity experts can assure you that it definitely is. As we covered in the introduction to this blog, cybercrime is on the rise, and with each passing year, cybercriminals are finding more inventive means of breaching your business.

Having a Cyber Essentials certification is the minimum your business can do in this day and age to alert these cyber attackers that your company takes cybersecurity seriously. By not having a Cyber Essentials certification, you are essentially letting every cybercriminal know that your business is a prime, unsuspecting target who will, more likely than not, be successfully attacked.

Having a Cyber Essentials certification will give you peace of mind that you’ve done the minimum required to deter cybercriminals and protect your business.

Furthermore, businesses must renew the Cyber Essentials certification on an annual basis. The requirements are reviewed and updated annually to ensure enterprises stay current with the latest technology and can protect themselves adequately.

Cyber Essentials PLUS

What is Cyber Essentials PLUS?

The advanced Cyber Essentials certification, Cyber Essentials PLUS, builds upon obtaining the standard certification.

The PLUS iteration of Cyber Essentials can only be achieved by having an external assessment carried out by an independent certification body, whose assessors will test the five foundational pillars covered earlier and gather evidence as proof that your systems are secure.

Whilst the standard Cyber Essentials certification focuses primarily on the basic assurance of security controls and processes, Cyber Essentials Plus offers comprehensive validation through rigorous rounds of testing to ensure your cybersecurity defences are well-equipped to deal with cybercrime effectively.

Assessors will review a sample set of your workstations and servers, test your email filtering and antivirus software, and carry out external penetration tests against your company's firewalls. A specialist vulnerability scanning tool will also be used on a selection of your devices to verify they are kept up to date and are not vulnerable to cybersecurity threats.

All of these methods have been strategically planned to determine whether your business's cybersecurity standards meet the requirements of a Cyber Essentials PLUS certificate.

Is Cyber Essentials PLUS Worth Having?

The Cyber Essentials PLUS certification is tailored for organisations that are committed to leaving no stone unturned when it comes to cybersecurity. Cybercriminals can breach your business, leading to a whole host of problems, including financial loss, reputational damage, and longer-term consequences (resources and budgets being stretched by the resulting cost of a cyber-attack).

It seems that every month, a new corporate behemoth is caught out by ingenious cybercrime techniques and suffers at the hands of cybercriminals. The BBC recently reported that Santander, a global bank, and its staff, along with 30 million customers, were hacked due to an unforeseen cyber incident. This story was released the day after the British Broadcasting Corporation (BBC) posted an article stating that ‘data was allegedly stolen from 560 million Ticketmaster users’.

It is a frightening world we live in currently, with the ever-present threat of cybercrime looming around every corner. That’s why our cybersecurity experts at Netitude implore you to take the proper steps to protect your business, such as completing your Cyber Essentials and Cyber Essentials PLUS certifications.

Answering Common Cyber Essentials FAQs

How Often Should Organisations Revalidate Their Cyber Essentials Certifications?

Cyber Essentials certifications should be revalidated annually. As we know, cybersecurity is an ever-evolving field, constantly influenced by the latest technological advancements, for better or worse.

Therefore, regular and stringent assessments against the five core Cyber Essentials controls are essential to ensure your business is compliant with security best practices and to help your organisation stay in good shape from a cybersecurity standpoint.

Do I need to complete the basic Cyber Essentials before proceeding to Cyber Essentials Plus?

The short answer is yes; businesses that plan to improve their cybersecurity defences will need to complete the standard Cyber Essentials certification before moving on to the more advanced version in Cyber Essentials PLUS. If you are ready to go for Cyber Essentials PLUS, you will be required to complete the standard Cyber Essentials assessment as part of it.

Who verifies the Cyber Essentials assessments?

When it comes to verifying a company’s compliance against Cyber Essentials, the process most commonly runs through three stages:

  1. Self-assessment: To obtain basic Cyber Essentials certification, organisations must evaluate how they fare against the five basic security controls that we mentioned earlier in the blog (firewalls, secure configuration, access control, malware protection and patch management). If successful, the organisation can self-certify that it has done all it can to meet the Cyber Essentials requirements and will be awarded the certification.
  2. Qualified Assessor: If an organisation wishes to reach the second stage of a Cyber Essentials certification (Cyber Essentials PLUS), an external certification body (CB) or qualified assessor will be required to evaluate the organisation’s responses accordingly.
  3. Certificate Issuance: Once the organisation in question proceeds to the next stage, it will be issued a Cyber Essentials certificate by the certifying body.

How quickly can I receive a Cyber Essentials certification?

A Cyber Essentials certification can be achieved relatively quickly; it just depends on the speed at which your organisation works to get the business up to scratch from a cybersecurity standpoint. Provided your business meets all requirements, the process of self-certifying via the web portal takes a couple of hours. An assessor will review your submission and determine whether you pass or fail within 2-4 business days.

Businesses must bear in mind that potential delays and roadblocks could be incurred upon submission, which may prolong this process. We are unable to provide an exact timeframe for a Cyber Essentials PLUS certification, as the process can vary considerably on a case-by-case basis.

How can Netitude help you achieve a Cyber Essentials certification?

On the whole, achieving a Cyber Essentials accreditation is much more manageable if you have a Managed IT Service Provider (MSP) like Netitude. Our technology experts will be on hand to guide you through the entire process, whether that’s Cyber Essentials or Cyber Essentials PLUS, so you can rest assured that our experienced tech consultants and qualified CREST-accredited cybersecurity partners can provide skilled support throughout the process.

The Netitude Take on Cyber Essentials

Cyber Essentials is a fantastic step for small-to-medium-sized businesses (SMEs), as it provides a framework to work towards and helps business owners understand why specific changes are necessary to secure their systems and data.

The National Cyber Security Centre backs everything in the assessment, so you know you’re following expert guidance which is continually reviewed and kept up to date.