Many people have heard of Cyber Essentials (CE), but do you know what it is and what benefits it can bring to your business? This article will discuss what cyber essentials is and how it can help your business and the role that a Cyber Essentials assessor plays in achieving certification.
Cyber Essentials is a UK cyber security certification that was created by the UK National Cyber Security Centre (NCSC) to help businesses protect themselves from cyber threats. It’s based on five principles, which are explained below. The CE assessor plays an important role in the process of getting Cyber Essentials certified because they can provide you with all of the information and resources necessary for developing your CE strategy.
Two Types of Certification
There are two types of Cyber Essentials (CE) certification:
Cyber Essentials (Self-assessed)
In a self-assessed certification, you complete the application yourself and submit it to a certification body. If your application is deemed acceptable you will receive the certification. Unless you have cyber security skills in house, it is recommended that you work with a professional who understands the standard so they can help you with the application and close any of the gaps that are found. The standard CE certification costs £300.
Cyber Essentials + (Audited)
Once you achieve the standard CE certification you have 90 days to achieve the CE+ certification. The CE+ certification is the same as the standard except there is an independent audit of your environment against your application and also a vulnerability scan is performed. The cost of CE+ varies based on the size and complexity of your organisation.
Cyber Essentials Core Controls
There are five core controls in Cyber Essentials that apply to all ‘in scope’ systems. Essentially, a device is considered to be ‘in scope’ if it is used for business and is connected to the Internet. From 24th January 2022, this will include Bring Your Own Device (BYOD) devices, home-working and cloud services.
The five core areas of cyber essentials are:
Firewalls
Protecting your network perimeter is essential in preventing cyber attacks from happening. You can do this by using firewalls and other security measures to restrict access to your network and internet-connected devices.
Security Update Management
It’s important to protect all internet-connected systems from cyber threats by ensuring that they’re always up to date so known vulnerabilities are fixed.
Secure Configuration
Computers and devices are not always at their most secure straight out of the box. Things like default passwords and insecure configurations mean that hackers can easily compromise your systems if you do not take steps to secure your systems.
Access Control & Identity Management
You must know who has access to what data on your network, as well as how they’re accessing it. This can be done by using access control and identity management measures to ensure that you grant people and services just enough access they need to complete their roles.
Malware Protection
One of the most common ways cybercriminals gain access to networks is through malware. You can protect your business from malware by using anti-virus and anti-malware software and ensuring it is up to date.
Benefits of Cyber Essentials
Being CE certified can bring a number of benefits to your business, including:
Protection from cyber attacks
The CE certification body will help you to protect your business from cyber threats by implementing the five principles.
Improved cyber security posture
By being CE certified, you’ll be demonstrating that you take cyber security seriously and are doing everything possible to protect your business and your client and employee data from cybercriminals.
Reduced cyber security costs
The CE certification body will help you to reduce your cyber security costs by providing you with resources that will help you to protect your business from cyber threats. Every self-assessed Cyber Essentials certification comes with free cyber security insurance!
Improved compliance posture
Cyber Essentials is an accepted standard for cyber security and compliance, so being CE certified can improve your compliance posture. This will help you win more businesses from organisations that recognise or even require Cyber Essentials certification.
Assessors and Certification Bodies
Assessors and Cyber Essentials Certification Bodies will help you to understand and implement these five principles in order to protect your business from cyber threats. They can provide you with resources such as templates, checklists, and training courses that will help you to achieve CE certification.
If you’re thinking about CE certification for your business, you’ll need to decide whether or not it’s the right cyber security solution for you. Get in touch with us if you want a free advice call about achieving CE certification.
