Security Services

Cyber Essentials

What is Cyber Essentials?

Understanding the certification process

Cyber security is incredibly important, never more so than in today’s climate, so a great way to begin your cyber security journey, or to enhance your current efforts, is to gain the Cyber Essentials and Cyber Essentials Plus certifications.

Cyber Essentials is a scheme backed by the UK Government that has been running since its inauguration in 2014. It is a simple yet highly effective scheme which can safeguard organisations from the most common cyber security threats.

 

Creating Awareness

Why should my organisation be thinking about Cyber Essentials?

Organisations are increasingly worried about the risk of a cyber-attack, especially considering that the number of cyber-attacks being carried out by criminals is increasing, which makes it clear that cyber security is an area organisations should be prioritising.

Cyber-attacks can take a myriad of forms, with each one having devastating effects for organisations, which is where Cyber Essentials comes in.

Cyber Essentials not only helps to protect your organisation against the most common types of cyber-attacks, but it also supports business continuity. Have you ever stopped to consider the impact that an attack would have on your business operations?

When you combine achieving the Cyber Essentials and Cyber Essentials Plus accreditations with an integral cyber security strategy, whether that be regular Penetration Testing, Vulnerability Scanning, or any number of consultancy solutions such as EDR, SOC, SIEM, NAC and Managed Firewall Services, you will not only be showing that you take seriously your responsibility for safeguarding your networks, your own data and your customers' and partners' data, but you will also be minimising the risk of cyber-attack.

In addition to safeguarding your networks and offering a best practice attitude towards cyber security, having the Cyber Essentials accreditation is a compulsory prerequisite for companies who provide services to the UK Government. So, if your plans are to tender for contracts in the future, achieving Cyber Essentials is the first step.

FAQs

Further information

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a scheme that is divided into two elements, Cyber Essentials and Cyber Essentials Plus.

These two elements have been designed to assist businesses, from SMEs to large organisations, to make sure that they understand the core controls required to safeguard themselves and their network against cyber-attacks.

The first component, Cyber Essentials, is achieved by completing a questionnaire-based certification, with the questionnaire assessment being completed through access to a portal.

Within this portal you will be asked to answer 80 self-assessment questions…

These questions will refer to your organisation’s IT Infrastructure and the questions will be based on the following 5 areas: Firewalls, User Access Control, Malware Protection, Patch Management and Secure Configuration.

Upon submission of your questionnaire, you will be notified by the system as to whether your organisation has passed or failed.

If you are unsuccessful, you will be given a grace period of 3 days in which to remedy the gaps, before re-submitting your application.

When you have achieved the certification for Cyber Essentials, you can then progress onto the second component, Cyber Essentials Plus.

Cyber Essentials Plus is a more in-depth certification and a really good way to demonstrate to your customers and partners that your organisation takes cyber security extremely seriously.

Cyber Essentials Plus is achieved by the certification body carrying out either an on-site or a remote audit of your infrastructure.

If your organisation passes this, you will be awarded the certification for Cyber Essentials Plus. However, if any gaps are identified, you will be given 15 days to address and remediate them before the assessment is carried out again.

What are the 5 technical controls?

Cyber Essentials works by setting out 5 technical controls that can improve your cyber security defences.

These are:

Firewalls: The requirement is that each of your devices is protected by a correctly configured firewall.

Firewalls are a type of network device that can restrict inbound/outbound network traffic, which in turn assists in protecting your organisation against cyber-attacks. This is because firewall rules are implemented which allow or block traffic based on its source, destination or communication protocol.

Secure Configurations: The requirement is for an organisation to be actively managing its computers and network devices, which reduces the level of inherent vulnerabilities and ensures that such devices provide only the services necessary to fulfil their role.

Access Controls: The requirement is to safeguard your networks by ensuring that only those individuals who are approved to access devices, servers, databases etc. can do so.

Provide user accounts with unique credentials and authentication, distinctive to that individual, with each account only permitting access to the required resources dependent on the individual's role.

Any and all accounts and privileges must be appraised regularly, with quick removal/disabling when no longer needed, or when an individual's role within your organisation changes.

Malware Protection: The requirement is that the organisation has a Malware Protection Mechanism in place, to protect itself from viruses and malware, with at least one of the following (although our recommendation would be to have all three):

  • Anti-Malware software
  • Sandboxing
  • Allow listing

Security Updates: The requirement is to ensure that you keep all of your software and your devices up to date.

To support keeping your organisation secure, it’s your responsibility to know that your software is both supported and licensed, and to remove it if this is no longer the case.

Furthermore, you should be facilitating automatic updates wherever possible; alternatively, ensure that any manual updates are applied within 14 days of their issue.

What Are The Benefits?

Increased Credibility

Show your stakeholders, partners and customers that your organisation is taking its responsibility to cyber security seriously.

Heightened Opportunities

Cyber Essentials certification is required in order to have the opportunity to tender for Government contracts.

Better Understanding

Cyber Essentials provides a better understanding for further development of your cyber security strategy.

Verified Protocols

Reduce the risk of GDPR breaches and fines, through verification of your internal protocols.

Reduced Premiums

Being Cyber Essentials certified can bring with it the prospect of reducing your insurance premiums with various providers.

Enhanced Awareness

Enhance your awareness towards complex security threats, whilst having increased confidence in your procedures.
