Cyber Essentials helps protect against cyber attacks
Cyber Essentials is a UK Government scheme developed by the National Cyber Security Centre (NCSC) to help organisations guard against the most common cyber threats and demonstrate their commitment to cyber security.
The certification process is managed by IASME who license certification bodies, such as Forensic Control, to carry out Cyber Essentials and Cyber Essentials Plus certifications.
Cyber Essentials has been designed to be affordable, simple to implement, and to accommodate organisations of any size.
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment demonstrating a company’s ability to protect itself against common cyber attacks. It provides guidance on how to securely configure your devices and the accounts that are associated with them.
Cyber Essentials Plus offers additional integrity as it requires an external body, such as Forensic Control, to conduct a hands-on, technical verification of the security of your devices.
Why certify with Forensic Control?
We offer the most complete service at the most competitive price. We’ve certified dozens of organisations from the smallest to some of the best known organisations in the UK, each received a tailored service with unlimited support, as you will. Don’t just take our word for it – see what our clients have to say about us.
CYBER ESSENTIALS CERTIFICATION
£ 1,000
includes £200 application fee to IASME
Includes all IASME application costs
Ability to spread the payment over 12 monthly instalments, interest free
Guided questionnaire with “model” answers provided
£25,000 of free cyber insurance cover, if required and if qualifying
Cyber security advisory for 12 months
A hand-holding service, including unlimited phone & email support
CYBER ESSENTIALS PLUS CERTIFICATION
£ 1,800*
includes £200 application fee to IASME
Includes all IASME application costs
Ability to spread the payment over 12 monthly instalments, interest free
Cyber security advisory for 12 months
A hand-holding service, including unlimited phone & email support
Qualified external assessor auditing your security controls
Tests of a set of user devices, internet gateways & servers
On-demand vulnerability testing on external IP addresses for 12 months
* Price may increase for organisations with a mix of operating system versions/builds. Please call us to check
BEST VALUE
CYBER ESSENTIALS & CYBER ESSENTIALS PLUS
£ 2,400*
includes £400 application fee to IASME
This includes everything you need to certify you to both Cyber Essentials and Cyber Essentials Plus
Includes all IASME application costs
Ability to spread the payment over 12 monthly instalments, interest free
Guided questionnaire with “model” answers provided
£25,000 of free cyber insurance cover, if required and if qualifying
Cyber security advisory for 12 months*
A hand-holding service, including unlimited phone & email support
Cyber security advisory for 12 months*
Qualified external assessor auditing your security controls
Tests of a set of user devices, internet gateways & servers
On-demand vulnerability testing on external IP addresses for 12 months
* Price may increase for organisations with a mix of operating system versions/builds. Please call us to check
WHAT OUR CLIENTS SAY
“Highly recommended Forensic Control. From the very start of our CE+ journey, Jonathan was providing tremendous service to us in order to ensure we had all the necessary information and advice specific to our company. They were consistently providing clear and helpful guidance in order for us to best succeed with our certification and as such had a great outcome! Big thanks to Jonathan and Forensic Control..”
Christopher Price, Tech. Operations Officer, Faculty AI
“We are a small company that relies on the security of our data. Forensic Control has been perfect at keeping us protected and up to date with all the latest trends. Very efficient when we have needed help. Thank you.”
Andy Bibby, CEO, 87%
“Forensic Control came in to support us at very short notice. From the get-go, the service was professional, slick, to-the-point and constructive. The net effect was that we successfully achieved our CE+ certification but did so as a meaningful basis for growth and cultural change – this is due, in no small part, to the technical leadership, guidance and objectivity that Forensic Control brought to this project. I would actively look to work with and engage Forensic Control on future projects.”
Christopher Crowther, CIO, Spectra Analytics
Cyber Essentials requirements – the five key areas
Cyber Essentials assesses how organisations protect themselves from cyber attacks by checking five key areas. It identifies whether the necessary controls are in place and how they are managed. Forensic Control offer simple, step-by-step guidance to help companies comply with each of these areas.
Please note, these controls apply to all internet-connected devices that access your data, including those not owned by your organisation (BYOD). If all devices that access your data meet these requirements it is likely that you would be a good position to certify to Cyber Essentials
Securing your perimeter
You will need to ensure that your office firewalls, and Wi-Fi routers for home workers, are secure. Other requirements include changing default passwords on network equipment (here’s some good advice you can show to your users) and ensuring that these devices are supported and their firmware updated.
Securing your devices
Requirements to securely configure devices include removing software and user accounts which are no longer in use, and ensuring passwords are strong. Contrary to common advice, it is no longer considered secure to require users to regularly change passwords.
Updating your devices
It is important that all apps and operating systems are supported by their manufacturers and are kept updated. This ensures that they are protected against known vulnerabilities. Use of an MDM (mobile device management) tool can help put you in control of patching on your network.
Controlling access to your data
Everyone needs a unique user account to access your organisation’s data. You must also ensure that users only have access to the data they need according to their role. Data access permissions must be managed when a user changes roles, while the use and provisioning of administrative accounts must be controlled.
Protection against malware
Protection against malware is required on all devices where it is available, including for Macs. The anti-malware software needs to check for updates at least once every 24 hours, and it must protect against malicious websites. Mobile devices must not be compromised by jail-breaking or rooting.
What will Cyber Essentials do for us?
♦ It will protect you from the majority of general cyber attacks
♦ It shows current and potential clients that you take cyber security seriously
♦ You will be listed on the NCSC Cyber Essentials register
♦ It gives you a clear picture of your organisation’s cyber security level
♦ Government contracts require Cyber Essentials certification
How long does it take to get certified?
It largely depends on how quickly you can respond to our requests for information, and your lead time in making any required configuration changes. We aim to reply to your emails/calls on the same day. We’ve found that applicants take anywhere between 1 week and a couple of months to certify to Cyber Essentials.
What about Cyber Essentials renewal?
Cyber Essentials and Cyber Essentials Plus certifications are valid for 12 months. By recertifying annually, this ensure that organisations are still secure against emerging cyber threats.