With cyber security threats becoming ever more apparent, it is more important than ever before to ensure that you have the correct cyber security management in place. 32% of UK businesses underwent a cyber attack just last year! This accounts for an incredible 61% of large organisations, and 60% of medium sized businesses. And small businesses made no exception! 40% suffered a cyber breach in 2019.
With this in mind, many businesses, small and large, are turning to the Cyber Essentials certification, to ensure a thorough audit of their security risks and to protect their network and data.
Let’s dive deeper into the Cyber Essentials certification, and why you need it for your business.
What is Cyber Essentials?
Cyber Essentials is a government-backed and industry-supported certification that facilitates better cyber protection for organisations. The Information Assurance for Small and Medium Enterprises (IASME) and the Information Security Forum (ISF) came together to create this certification to reduce cyber vulnerability, and it is now backed by the Federation of Small Businesses, the CBI and various insurance organisations. It provides a comprehensive plan that sets out the controls that you should have in place to ensure greater security against cyber attacks.
There are two different levels of Cyber Essentials certification:
- Cyber Essentials is the minimum certification that you can receive and provides a great foundation of basic security. It requires a self-assessment followed by an external review.
- Cyber Essentials Plus provides a more rigorous auditing process. It further protects against phishing and hacking. Rather than the self assessment required of the Cyber Essentials certification, Cyber Essentials Plus requires system tests to be carried out by an external body.
Which businesses is the Cyber Essentials certification mandatory for?
If your company is looking to secure public sector contracts, it is absolutely essential that you have the Cyber Essentials certification. This doesn’t just apply to private sector organisations, but also public sector, charities, not-for-profit organisations and universities.
From 2016 the Ministry of Defence (MOD) has required all organisations to have the certification, and most local authorities are asking for it as a minimum requirement! Companies of all sizes must prove that they meet the requirements if they handle, store or process the personal information of citizens and government employees of the Government Protective Marking scheme level.
Want to know more about your business’ security weaknesses? Take a look at the Cyber Security Services we provide!
Why do you need Cyber Essentials?
There are many benefits to the Cyber Essentials qualification, even if you don’t legally require it as an organisation working with the public sector.
- Great protection. The Cyber Essentials certification protects against 80% of common cyber attacks!
- Data protection. You can rest assured that the sensitive information you hold will be better protected.
- Public Sector. You’ll have the opportunity to work with more public sector organisations.
- Serious about security. It shows clients, and all other organisations in your supply chain, that you take cyber security seriously and protect clients data in line with GDPR legislation, and therefore that you’re a trustworthy and secure organisation.
- Competitive advantage. With this trust in place, you’ll have a greater advantage over the competition who haven’t obtained the certification.
- Reputation boost. With a Cyber Essentials certification in place, you’ll further drive productivity as well as save and boost your reputation, so you can win more business and deliver great service!
- You’ll also save money. The Cyber Essentials certification costs just £300 a year, while the average cost of a cyber attack for an SME is an incredible £1,380!
- Know your risks. You’ll gain a clear understanding of the level of cyber security and risks in your business, allowing you to plan accordingly.
- Expert advice. You’ll receive specialist inspection of your cyber security controls.
- Insurance cover. With a Cyber Essentials certification in place, you benefit from £25,000 cyber breach insurance (if you have a turnover of less than £20 million), or reduced premiums (if your turnover is over £20m).
Your Cyber Essentials Checklist
To pass the certification, you must demonstrate that you have protection in the following 5 areas:
- Your devices and software are secure
- Your internet connection is secure
- You control access to your data
- Your devices and software are up to date
- Your devices and software are protected from viruses and malware
How can you get Cyber Essentials certified?
We follow a step-by-step process to get you Cyber Essentials Plus certified:
- We provide an initial assessment, including an audit of your system and network, penetration tests, and vulnerability scans.
- We then identify any vulnerabilities found from the audit
- We put a remediation plan together to address any required changes
- We then conduct a verification assessment to make sure all problems have been solved
- You receive your Cyber Essentials Plus certification!
Ready to get Cyber Essentials certified? Get in touch with the team today to discuss your Cyber Essentials needs.