The Cyber Essentials Certification Scheme was introduced in 2014 by the UK Government to promote a level of basic cyber security controls across UK businesses. Up to 80% of cyber attacks on organisations in the UK could be prevented by having these protocols in place. Since 2017 the number of businesses experiencing phishing attacks has jumped from 72% to 86%, although there has been a drop in businesses experiencing viruses or other malware attacks, from 33% to 16%. There has never been a better time to join the Cyber Essentials Certification Scheme.
Cyber Essentials is suitable for all organisations, of any size, in any sector. The scheme not only helps to ensure that data within your business is protected but also demonstrates to your customers that you are committed to cyber security. Formally displaying your commitment to protecting data can help to attract new business to your organisation.
The NCSC (National Cyber Security Centre) has reviewed what influence Cyber Essentials has on cyber security attitudes and behaviours. It found:
- 93% of certified organisations are confident that they are protected against common, Internet-based cyber attacks;
- 61% of certified organisations say they are more likely to choose suppliers with Cyber Essentials or Cyber Essentials Plus certification; and
- Certified organisations are more likely to implement cyber security controls beyond the scheme’s five controls, and are more aware of the risks posed by cyber-attacks.
Cyber Essentials is a straightforward assessment of your current digital security. It formally confirms that your current digital defences are robust enough to prevent the vast majority of common cyber attacks. Your IT infrastructure is examined in five specific areas:
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
You’ll need to complete a self-assessment questionnaire and your answers will be evaluated by the certification body. If your systems meet the specifications, you’ll be awarded your certificate. Forensic Control ensures that we wont let our applicant fail – we walk them through each step and offer unlimited help to make sure that they are compliant.
Cyber Essentials Plus offers an additional level of security. Your devices will be subject to an audit, which is conducted remotely, so they won’t be affected by remote or hybrid working.
Your assessor will perform checks on a number of your organisation’s workstations and mobile devices, including checks on:
- Patch levels of your operating systems
- Patch levels of additional applications installed on your devices, such as Office, Adobe, Java, web browsers, etc.)
- Use of appropriate, secure mobile operating systems
- Regular updates of mobile applications
- Secure lock screens enabled on mobile devices
- Other configuration and account handling weaknesses that are associated with the build of the devices.
This certification does cost more but comes with additional security benefits. You must obtain the basic certification before Cyber Essentials Plus. Please note that Cyber Essentials Plus must be completed within three months of your Cyber Essentials certification.
The UK Government requires that all suppliers bidding for contracts involving the handling of certain sensitive and personal information must be certified against the Cyber Essentials scheme. Projects from the Ministry of Defence or local authorities may also require the enhanced Cyber Essentials Plus certification.
On passing these certifications, you’ll be added to the publicly searchable NCSC database of certified organisations and you’ll be able to add the Cyber Essentials badges to your company’s website. Certification for both Cyber Essentials and Cyber Essentials Plus is valid for 12 months from the day it is awarded, after which you’ll need to renew your certification.