Cyber Essentials
Understand your risk and take action to protect your organisation against cyberattacks with Cyber Essentials auditing and certification.
What is Cyber Essentials Accreditation?
Cyber Essentials is a set of basic security controls designed by the UK National Cyber Security Centre (NCSC) and launched in June 2014. It is designed to make it easier for organisations of all sizes to protect themselves against common online cybersecurity threats.
Holding a Cyber Essentials or Cyber Essentials Plus certification is now mandatory for organisations in the UK Government supply chain. Certification is also highly beneficial for any organisation, as it demonstrates a commitment to, and awareness of, cyber security risks.
Netitude considers Cyber Essentials to be a starting point and a good, basic cybersecurity standard for most SME businesses.
What are the advantages of Cyber Essentials Certification for your business?
It is a sad reality that operating in business today requires awareness and mitigating actions against cybersecurity threats.
There are many benefits to the Cyber Essentials qualification, even if you don’t legally require it as an organisation working with the public sector.
- Great protection: The Cyber Essentials certification protects against 80% of common cyber-attacks! So, you can rest assured that the sensitive information you hold will be better protected.
- Win government contracts and open business opportunities: If your organisation is looking to bid for government contracts you will need to be Cyber Essentials certified. Certification also opens new business opportunities, as it demonstrates to business partners and new clients that you are working in a safe and secure digital environment.
- Increased credibility and reputation: Achieving Cyber Essentials certification shows your commitment to protecting your own data and that of your customers and clients. The certification increases the reputation of your business and shows your organisation is taking preventative actions to reduce the threat from cyber-attacks.
- Save money: The Cyber Essentials certification costs just £300 a year, while the average cost of a cyber attack for an SME is an incredible £1,380!
- Insurance cover: With a Cyber Essentials certification in place, you benefit from £25,000 cyber breach insurance (if you have a turnover of less than £20 million), or reduced premiums (if your turnover is over £20m).
The Cyber Essentials certification process
To pass the certification, you must demonstrate that you have protection in the following 5 areas:
Secure your devices and software
Confirm that computers and network devices are properly configured in order to reduce the level of inherent vulnerabilities. Change default passwords and user account names, and for privileged accounts enable features such as 2FA (two-factor authentication).
Secure your Internet connection
Confirm that all internet connections used in your business are protected with a firewall, creating a secure gateway between your IT systems and external networks (such as the Internet). Confirm that only safe and essential network services can be accessed from the Internet and that all devices that connect directly to the internet have a personal firewall installed and correctly configured.
Control access to your data and services
Confirm that user accounts are assigned to authorised individuals and that each user has an individual and identifiable account to access your network and data. User privileges and permissions should be carefully managed in line with the "Principle of least privilege" to minimise damage should an account become compromised.
Keep your devices and software up to date
Confirm that all devices and software are up to date at all times, ideally with ongoing patch management in place. Confirm your devices are not vulnerable to known security issues for which fixes are available. No matter what type of phones, tablets, laptops or computers your organisation uses, it’s important they are kept up to date. This is true for both operating systems and installed applications or software.
Protect from viruses and other malware
Restrict the execution of known malware and untrusted software. Virus and Malware protection software should be installed and kept up-to-date.
If you require Cyber Essentials PLUS certification, we also offer vulnerability scan, assessment, remediation and certification services.
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials
Cyber Essentials includes an SAQ (self-assessment questionnaire) followed by an external review. It is the minimum certification that you can receive and provides a great foundation for basic security.
Cyber Essentials Plus
Cyber Essentials Plus provides a more rigorous auditing process. It further protects against phishing and hacking. Rather than the self-assessment required of the Cyber Essentials certification, Cyber Essentials Plus requires system tests to be carried out by an external body.
Get Cyber Essentials certified with Netitude
Our simple five-step methodology:
- Initial assessment: Our team audit your network and systems, and carry out penetration tests and vulnerability scans.
- Identify security gaps: We analyse the results of our initial audit, identifying any vulnerabilities, and build a clear project plan to address them.
- Targeted remediation plan: Our team carefully implement required changes, with clear communication to minimise business impact.
- Verification assessment: To ensure successful certification we carry out a further assessment to ensure all areas have been addressed.
- Cyber Essentials PLUS certification: Guaranteed and externally verified certification.
Why choose Netitude as your Cyber Essentials partner?
- One-stop shop: We provide all tools and resources needed to achieve certification at both levels of the Cyber Essentials scheme.
- End-to-end support: We deliver all the technical tests and assessments, conducted by our experienced experts.
- Credentials: Our consultants are qualified, CREST-accredited cyber security practitioners.