Understanding Cyber Essentials
Written by Joseph Poppy on 04/10/2019
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Both Cyber Essentials and Cyber Essentials Plus demonstrate that your organisation is taking cyber security seriously and has the five technical controls in place. Cyber Essentials Plus offers everything that Cyber Essentials provides, except the five controls must be independently assessed by a certification body. This extra level of scrutiny means your Cyber Essentials Plus badge will hold more weight with potential customers. Your controls will have been verified by security experts.
The certifying body will run a vulnerability scan against all in-scope items, check through policies and procedures, inspect access control and even conduct a build review on a standard image or two. This will involve ensuring your anti-virus software and firewalls detect known malicious signatures, by loading a fake piece of software or sending an email with a fake virus.
Whilst Cyber Essentials Plus is the more expensive of the two, it is held in higher regard and much of the work is done by the certifying body. Again, if you feel a bit overwhelmed and don’t know where to start, it’s worth engaging with such companies beforehand to see if they can help you pass first time.
Cyber Essentials Enquiry
To find out which scheme and package best suits your business, please share a few details with us and we’ll be in touch
Benefits of Cyber Essentials for your business
By becoming Cyber Essentials compliant, businesses can demonstrate to their customers that they take security seriously and have the basics in place to protect their data. Think of it as a fundamental security baseline that can be universally applied to pretty much every organisation.
With that in mind, you could almost say becoming Cyber Essentials certified is essential... I’m not proud of that. But how do businesses go about obtaining it? And what does it involve? All good questions and I’m glad you asked them.
Does my business need to be Cyber Essentials certified?
Cyber Essentials is not mandatory but is incredibly valuable. Businesses benefit from improved trust from their customers and the ability to bid for certain government contracts. It is not a particularly costly procedure, so the benefits far outweigh the initial investment.
By assessing and ensuring your business is maintaining these five controls to a good standard, you can request Cyber Essentials certification from a certifying body. This will allow you to proudly display a Cyber Essentials badge on your website and attract more clients.
The process each company will go through follows the same path as illustrated below:
An update schedule is vital for continuously plugging holes in your company’s security. This is often harder to do in smaller companies that may not have the dedicated resources to test and oversee these rollouts but, regardless of size, all companies should be doing so.
How to get started?
To get Cyber Essentials certified you’ll have to start by conducting a security audit. Find out what you have in place across the business and get a top-level view of your security posture. You should probably document your findings too, as it’s always a good idea to have all this info on hand. The purpose of this is to understand your current defences and identify any at-risk areas, making planning how you’ll go about obtaining Cyber Essentials certification easier.
You’ll also have to run (or procure) a vulnerability scan. This will determine whether there are any flaws, misconfigurations or outdated components within your network, allowing you to patch them accordingly. Whilst regularly running these types of scans is recommended anyway, stamping out any known vulnerabilities is vital to obtaining Cyber Essentials.
Cyber Essentials Questionnaire
Once you think you’re in a pretty good position, it’s time to apply. To become Cyber Essentials certified you’ll have to fill out a questionnaire, which is where the real fun begins. No-one can be upset when filling out a questionnaire.
The questionnaire contains 52 questions relating to the five technical controls and how they are managed within your organisation. The answers to these multiple-choice questions will determine whether your chosen certification body will grant you Cyber Essentials. If you used your time wisely and conducted a proper audit and vulnerability scan, certification should be a doddle.
Questions could range from ‘Are users prevented from installing any other applications?’ to ‘has out-of-date or older software been removed from computer and network devices that are connected to or capable of connecting to the Internet?’. They are all quite straightforward.
What are you waiting for?
Cyber Essentials and Cyber Essentials Plus are great schemes for ensuring you have strong security foundations to build upon. Not only will it generate trust between you and your clients, it’ll give you a top-level understanding of your security posture and the common threats you need to be defending against. The best way to beat the hackers is to get the basics right.
Bulletproof’s friendly compliance officers have already helped many customers achieve Cyber Essentials and Cyber Essentials Plus, and they all agree it’s a quick and easy process. So, now you know what it is and how they can benefit you, get in touch and we’ll get you certified. There, that was a long old sell.
Bulletproof demonstrated their expertise from day one, and thanks to their insight we passed Cyber Essentials first time. With our 10-year history of keeping customer data secure, the Cyber Essentials scheme adds further confidence and value to Backup Systems offerings.
Christopher Blewitt IT Support Technician, Backup Systems Ltd
ISO 27001 and 9001 certified
Tigerscheme qualified testers
PCI DSS v3.2 Level 1
24/7 on-site Security
Get a quote today
If you’re interested in our services, get a free, no obligation quote today by filling out the form below.