What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment demonstrating a company’s ability to protect itself against common cyber attacks. It provides guidance on how to securely configure your devices and the accounts used to access them.
Cyber Essentials Plus offers additional integrity, requiring an external body, such as Forensic Control, to conduct a technical verification of the security of your devices.
What devices are in scope for Cyber Essentials?
Any device accessing your data, email or services (including services such as Microsoft 365 or Google Workspace) or remote desktop services, (e.g., Citrix, VDI, RDP) is in scope and must comply with the Cyber Essentials standard. This includes devices owned by the organisation and devices owned by staff, whether employed or contractors (BYOD). Devices which don’t directly connect to the internet are not in scope.
How long will it take to get certified for Cyber Essentials?
It largely depends on how quickly you can respond to our requests for information, and your lead time in making any required configuration changes. We aim to reply to your emails/calls on the same day. We’ve found that applicants can take anywhere between one week and a couple of months to certify.
Are contractors and temp staff in scope?
Cyber Essentials seeks to protect an organisation’s data by securing the devices which access that data. The employment status of the people who use devices to access your data doesn’t matter, whether employed, contractors, interns or temps. If they access your data then their devices will be in scope and will need to be secured to the Cyber Essentials standard.
We usually work from the office but are now working from home…
Cyber Essentials is a point in time certification – it assesses your organisation as it is on the day that you submit your responses. If staff are currently home based then they will be considered as home workers.
Are the routers of home workers in scope for Cyber Essentials?
Home routers are not in scope if your computers have their software firewall switched on – by default, all Windows and Mac computers have this already activated. For extra security we recommend all connections from devices accessing your data are protected by a VPN (virtual private network) and that you have an effective home working policy
Will we need to renew Cyber Essentials?
Cyber Essentials and Cyber Essentials Plus certifications are valid for 12 months. We recommend re-certifying annually to ensure that organisations are still secure against emerging cyber threats.