Cyber Essentials PLUSAuditing and readiness services to achieve Cyber Essentials PLUS certification. What are the advantages of Cyber Essentials PLUS Certification for my business? Offering a higher level of verified cybersecurity assurance for your organisation. Cyber Essentials PLUS builds on the Cyber Essentials scheme, with further security requirements, technical controls, penetration testing and vulnerability scanning. Cyber Essentials PLUS also requires external verification. Cyber Essentials Benefits Reassure customers that your business takes Cyber Security seriously, working to protect your IT systems and the data it holds from cyber attack Protect the sensitive and personal information your business holds from common cyber threats Some Government contracts require Cyber Essentials or Cyber Essentials PLUS certification Gain a clear picture of your organisation's Cyber Security level and risks Attract new business by demonstrating you have Cyber Security measures and controls in place £25,000 of Cyber breach insurance provided upon successful certification (for business turning over less than £20,000,000), or reduced premiums for larger businesses Demonstrate that you care about and protect your clients data in line with the GDPR legislation How can you pass the Cyber Essentials PLUS certification? Your business must demonstrate the required level of protection in the 5 key security controls – as detailed below. The certification process requires both an internal and external vulnerability scan, plus on-site assessment to verify your cybersecurity position. As an externally verified standard, Cyber Essentials PLUS certification can sometimes be difficult to achieve, however, the result will provide a comprehensive security framework for your business. The five key security controls: Secure your devices and software Confirm that computers and network devices are properly configured in order to reduce the level of inherent vulnerabilities. Change default passwords and user account names, and for privileged accounts enable features such as 2FA (two-factor authentication). Secure your Internet connection Confirm that all internet connections used in your business are protected with a firewall, creating a secure gateway between your IT systems and external networks (such as the Internet). Confirm that only safe and essential network services can be accessed from the Internet and that all devices that connect directly to the internet have a personal firewall installed and correctly configured. Control access to your data and services Confirm that user accounts are assigned to authorised individuals and that each user has an individual and identifiable account to access your network and data. User privileges and permissions should be carefully managed in line with the "Principle of least privilege" to minimise damage should an account become compromised. Keep your devices and software up to date Confirm that all devices and software are up to date at all times, ideally with on-going patch management in place. Confirm your devices and not vulnerable to known security issues for which fixes are available. No matter what type of phones, tablets, laptops or computers your organisation uses, it’s important they are kept up to date. This is true for both Operating Systems and installed applications or software. Protect from viruses and other malware Restrict the execution of known malware and untrusted software. Virus and Malware protection software should be installed and kept up-to-date. 1. Initial Assesment Out team audit your network and systems, carry out penetration tests & vulnerability scans. 2. Identify Security Gaps We analyse the results of our initial audit, identifying any vulnerabilities and build out a clear project plan to address. 3. Targeted remediation plan Our team carefully implement required changes, with clear communication to minimise business impact. 4. Verification Assessment To ensure successful certification we carry out a further assessment to ensure all areas have been addressed. 5. Cyber Essentials PLUS certificaion Guaranteed & externally verified certification. Our step-by-step process ensures Cyber Essentials PLUS certification for your business. Our first step is to carefully audit and understand your current position. Should your infrastructure require remedial actions, we build out a detailed project plan to address vulnerabilities. We work with your team, communicating any changes that impact your users, to ensure a smooth transition to a compliant state. We then verify our work has achieved the required standards, before finally submitting for certification. Our process is proven to enable certification quickly, efficiently and with minimal business impact. Get your business Cyber Essentials PLUS certified, get in touch for a no-obligation conversation If your business requires urgent compliance, please book a meeting to get started without delay. We guarantee a fast, cost-effective route to compliance & certification.