About the Cyber Essentials Scheme
“the Government already requires many of its suppliers to hold a Cyber Essentials certificate. We’ll be strengthening this requirement to ensure even more of our contractors take up the scheme.” Minister of State for Digital and Culture March 2017
According to the UK Government, around 80% of cyber attacks could be prevented if businesses put simple cyber security controls in place. In addition, since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services.
The Cyber Essentials scheme evidences a company’s commitment to cyber security. This certificate demonstrates that the organisation meets government and industry-endorsed criteria to help businesses protect themselves against the most common cyber threats and achieve a certificate providing evidence to existing and prospective clients they have achieved a key standard of cyber security.
The UK Government ‘Cyber Essentials’ scheme has been adopted across supply chains and is an integral part of doing business. It is now mandatory for businesses to comply with ‘Cyber Essentials’ when bidding for certain government contracts.
The take up of the Cyber Essentials scheme by businesses has been exceptional and Insurance companies have recognised that the Cyber Essentials certification is a valued gauge of a mature approach to cyber security while also reducing business risks for stakeholders.
Our Cyber Essentials consultancy services
We support our clients in deciding whether to gain Cyber Essentials or Cyber Essentials Plus.
- Cyber Essentials is the basic certification an organisation needs to implement to be considered for new public sector contracts.
- Cyber Essentials Plus certification requires more robust independent testing to assess the level that Cyber Essentials is integrated into the organisation, conduct an external vulnerability assessment, an internal scan and an on-site review to ensure that your company is protected against basic hacking and phishing attacks.
How do we help you prepare for Cyber Essentials?
We provide information security consulting services to prepare an organisation for its audit on the five main controls of the Cyber Essentials scheme:
- Secure configuration – Implementing security measures when building and installing computers and network devices to reduce unnecessary vulnerabilities
- Boundary firewalls and Internet gateways – Providing a basic level of protection where an organisation connects to the Internet
- Access control and administrative privilege management – Protecting user accounts and helping prevent misuse of privileged accounts
- Patch management – Keeping the software used on computers and network devices up to date and resisting low-level cyber attacks.
- Malware protection – Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware), including options for malware removal, which will protect your computer, your privacy and your important documents from attack.
If you have an information security question or would like to hear from one of our consultants, please contact us now
Our Cyber Essentials service also includes:-
- Defining the scope for the Cyber Essentials certificate
- Completing the Self-Assessment questionnaire (SAQ)
- Conducting the on-site assessment if Cyber Essentials Plus is the goal
- External Vulnerability scan
- Certification
Cyber Essentials Certification Benefits
If you have a weak approach to cyber security by failing to do the basics, you will experience some form of cyber attack.
As part of your risk management processes, you should be assessing whether you are likely to be the victim of a targeted or un-targeted attack.
- Gaining Cyber Essentials certification enables organisations to demonstrate they are trustworthy and secure when it comes to cyber security.
- Saves time and money as Cyber Essentials can prevent approximately 80% of cyber attacks
- Cyber Essentials Plus gives independent assurance of cyber security controls
- Cyber Essential certificate holders can be considered for Government contracts
- Cyber insurance premiums can be reduced by presenting your Cyber Essentials certificate
- Identify risks and put controls in place to manage or reduce them
- Gain stakeholder and customer trust that your and their data is protected
- Demonstrate compliance and gain status as preferred supplier
- Meet more Government and Client/Customer tender expectations by demonstrating compliance
If you have an information security question or would like to hear from one of our consultants, please call us now