What is Cyber Essentials?
Cyber Essentials is a government-backed cyber security certification scheme that helps your organisation protect itself against common online threats. It is a set of IT schemes designed to provide you with a basic level of protection against cyber attacks. The certification is awarded to businesses that can demonstrate they have implemented the necessary controls to secure their systems, networks and data. The certification process involves a self-assessment of your organisation's cyber security, including a review of your policies and procedures and a technical assessment of your systems and networks. By obtaining Cyber Essentials certification, you demonstrate to customers and suppliers that you take cyber security seriously and have taken steps to protect against attack from hackers.
What is Cyber Essentials Plus?
The Cyber Essentials Plus certification uses the same scope and standards as the standard Cyber Essentials scheme but your security measures are manually verified by an approved, independent Cyber Essentials partner.
The Cyber Essentials Plus certification not only shows that you have examined your systems security but also provides proof that the measures you have put in place work and meet the full specification.
How Do I Get Cyber Essentials Certified?
Getting Cyber Essentials certified requires a number of steps as laid out by the certification process. Basically you'll need to :
- Review the Cyber Essentials scheme requirements to ensure that your business can meet them. The requirements are divided into five key areas: boundary firewalls and Internet gateways, secure configuration, access control, malware protection, and patch management.
- Carry out a self-assessment of your organisation's cyber security posture. This will determine if you how close (or far!) from being compliant your company is. You can use the Cyber Essentials self-assessment questionnaire to complete this step.
- If the self-assessment reveals that you are not compliant in any area you will need to implement corrective measures to plug any holes in your online and cyber security. You'll probably need some expert help in this area. BTT is here to give the best advice and help you secure your systems.
- Once you've implemented any necessary fixes, you can apply for Cyber Essentials certification.
- For standard Cyber Essentials a Certification Body evaluates your self-assessment form and will approve or reject your application.
- For Cyber Essentials Plus you will need to involve an approved Certification Body to manually asses your security and policies before you can be awarded your certification.
It's worth noting that the Cyber Essentials certification is an ongoing process. You will need to review and renew your certification on an annual basis to stay certified.
What Will Be Tested In Cyber Essentials Certification?
The Cyber Essentials certification process involves an assessment of your business and policies. This assessment focuses on five key areas:
- Boundary firewalls and Internet gateways: This includes the measures you have in place to protect your network from external threats, such as firewall configuration and Internet access controls.
- Secure configuration: This covers how you ensure that your systems and devices are securely configured, such as password policies and encryption.
- Access control: This examines what measures you have in place to control access to your systems and data, such as user authentication and authorisation.
- Malware protection: What systems do you have in place to protect against malware, such as antivirus software and email filtering.
- Patch management: Do you have a policy in place to make sure that your systems and applications are up to date with the latest security patches.
The assessment involves a review of all off your policies and procedures together with a technical assessment of your systems and networks to prove that the necessary controls are in place. You then either submit a self-assessment form or involve a certification body approved by the UK government to deliver the Cyber Essentials Plus scheme.
If you are interested in applying for Cyber Essentials certification, please get in touch with BTT Communications and we will guide you through the process of securing your business from cyber attacks.
Stop worrying abut your cyber security
Get in touch and we can begin making your business cyber secure.