Cyber Essentials is the hallmark of strong cyber security
Cyber-attacks are on the increase and becoming more sophisticated. It is no longer good enough for businesses to claim they can resist potential cyber threats; they must be able to prove it, particularly if they hope to secure government or public-sector work.
Since 2014, Cyber Essentials Plus has been a mandatory requirement when applying for government contracts and it looks as though we are transitioning to a point where businesses must hold a badge to be considered for most public-sector contracts.
When deciding which suppliers to choose, clients are also adopting stricter vetting procedures and actively seeking evidence that an organisation has robust security standards.
Organisations should now be striving to achieve the Cyber Essentials Plus standard. It not only ensures an organisation is properly protected, but it also alleviates customers’ fears about the security of their personal information and confidential data.
An essential sign of approval
We have partnered with Information Security specialists who are an approved assessor and certification body for Cyber Essentials, which allows us to help you easily achieve the standard required.
There are currently two different certifications available to businesses – the standard Cyber Essentials and the Cyber Essentials Plus.
Cyber Essentials represents the most basic level of cyber security and requires organisations to complete a questionnaire regarding their current security controls, which we will review for you.
Alternatively, we can guide you through the process. This can include a visit to your premises and an external vulnerability assessment, which directly tests that individual controls on the internet-facing network perimeter have been implemented correctly.
Once Cyber Essentials has been achieved, a certified assessor will perform a detailed on-site technical audit to highlight any problems.
Using a range of specialist tools and techniques, the Cyber Essentials Plus assessment directly tests that controls have been implemented correctly and recreates various attack scenarios to determine whether a system can withstand potential threats.
Once the tests are completed and any identified issues are rectified, you will be issued with the ‘Plus’ certification.
The Cyber Essentials Plus certification requires five technical controls:
- Boundary firewalls – preventing unauthorised access to or from private networks
- Secure configuration – ensuring systems are configured securely and tailored to an organisation
- Access control – only allowing those with authority to have access to systems
- Malware protection – ensuring the most current virus and malware protection is installed
- Patch management – ensuring the latest applications are used with patches applied
Once an organisation achieves Cyber Essentials Plus, it can use the relevant branding on all its marketing material to demonstrate it values cyber security and actively protects against cyber-attacks.