Cyber Essentials - resilience begins with the basics


Cyber Essentials is a government-backed scheme that enables businesses to achieve one of two badges: Cyber Essentials and Cyber Essentials Plus. The scheme, initially launched in June 2014, was created to help organisations protect themselves from common digital and online threats. Designed to aid businesses of any size, this simple certification scheme enables you to better prevent and defend against cyber-attacks.

Why do I need it?

Since 1st October 2014, a Cyber Essentials certification is required for all suppliers who bid on government projects that involve sensitive data or personal information. But working with the government isn’t the only reason to become Cyber Essentials certified. Achieving your Cyber Essentials badge alone will prevent some of the more common cyber-attacks because it showcases an added level of security that many cybercriminals won’t risk. Often these criminals mark more vulnerable businesses for an in-depth attack. Holding a Cyber Essentials certificate, however, can make your organisation a less desirable target.

In addition to that, the Cyber Essentials certification can be a substantial asset for growing your business as well. Not only does it reassure your existing customers that you take cybersecurity seriously, but it also can help you attract new prospects as a point of differentiation. Further, when you complete the Cyber Essentials self-assessment, you’ll gain a clearer understanding of your organisation’s cybersecurity level. This not only enables you to identify areas of risk, but also offers the opportunity to implement change and shore up any vulnerabilities.

How do I achieve it?

Achieving your Cyber Essentials badge entails completing a self-assessment, ensuring that you meet the stated requirements across five technical control categories. These themes are:

● Firewalls - to ensure that only safe and necessary network services are accessed from the internet
● Secure configuration - to ensure that computers and devices are configured to both reduce the level of vulnerabilities and provide only the services required
● User access controls - to ensure user accounts are only assigned to authorised individuals and only provide access to applications and programs required to fulfil the requirements of their role
● Malware protection - to restrict execution of known malware and untrusted software, to prevent harmful code from causing damage or accessing sensitive data
● Security update management - to ensure that software and devices are not vulnerable to known security threats or risks for which there are known fixes.

Before completing the self-assessment, you may find it valuable to use the Cyber Essentials Readiness Tool to help you prepare and to create an action plan ahead of certification.

Once the assessment has been done, a qualified assessor, like those here at CDS Defence & Security, reviews the information provided and verifies it. While most of the questions are simple and straightforward, there can be some confusion about how best to answer them. In those cases, it can be helpful to engage one of the certification bodies for a consultation.

Achieving your Cyber Essentials certification badge can both protect your business and offer opportunities to grow your business. Consider taking the time to work through the readiness tool or work with a consulting body to begin your Cyber Essentials journey.

CDS Defence & Security is an IASME Certification Body and is able to deliver Cyber Essentials assessments. We also offer cyber training services to enhance your security culture. Get in touch to discuss how we can help you with your cybersecurity needs.
