SoConnect has helped many businesses in Edinburgh and across the UK complete a Cyber Essentials checklist and achieve certification. It’s the gold standard in ensuring your company has taken steps to protect applications and data from cyber-attacks. Knowing what the scheme demands you have in place shouldn’t be a mystery. Read on for a rundown of the Cyber Essentials scheme and get your free Cyber Essentials Checklist.
What is the Cyber Essentials Scheme?
If your work has had any crossover with the UK government, you have probably heard the words 'Cyber Essentials' mentioned. In 2014, the UK government recognised the enormous risk of cyber-attacks to businesses that worked with them.
They also found that most of these risks were avoidable by following basic security measures. In response to this, they launched the Cyber Essentials scheme.
By ensuring a standard level of cybersecurity across all suppliers, the scheme means that even small businesses without IT teams dedicated to cybersecurity can be protected. In the last few years, SMEs (small and medium enterprises) have suffered increasingly crippling cyber-attacks, many of which could have been prevented with Cyber Essentials compliance.
What are the certification standards?
Cyber Essentials is precisely that: the standard. Every business should take the necessary actions to ensure comprehensive digital security and protection from threats. The scheme offers SMEs two certification standards to choose from: Cyber Essentials and Cyber Essentials Plus.
Earning a certification demonstrates a commitment to cyber safety to business partners and customers. Let’s take a closer look at the Cyber Essentials scheme as a whole, and explain the difference between the two certifications.
The certification process is the first step to cyber security in the UK. It explains and outlines the security controls organisations must have to protect their data.
The scheme assesses your business on five security controls:
- Firewalls and internet gateways
- Secure configuration
- User access control
- Malware protection
- Patch management
Once you have these basic controls in place, you must fill out a Cyber Essentials questionnaire confirming that you have met the conditions. You then submit the questionnaire for review by the certification body.
Cyber Essentials Plus
While Cyber Essentials Plus has the same requirements as Cyber Essentials (all five security controls in place), there are a couple of differences.
Cyber Essentials Plus includes an independent assessment that a licensed auditor carries out. After completing the self-assessment, an auditor will come to your location or remotely access your network. They will check for issues and ensure your assessment is correct. The check includes:
- Testing anti-malware software by sending emails.
- Checking for outdated software on a device.
- Testing how different users access files.
Which certification is right for my business?
The certification that you aim for depends on your business’ circumstances. Cyber Essentials certification is a solid starting point that shows that you care about data protection. If you hold any sensitive data, you should consider getting the Plus certification.
If you’re unsure, start with Cyber Essentials, and you can always add the Plus version further down the line. However, be aware that to achieve Cyber Essentials Plus, you must have completed Cyber Essentials within the last three months.
Get your free Cyber Essentials Checklist
Cyber Essentials certification is an investment in the future and security of your business. We want to make it easy to see what steps you need to take to be Cyber Essentials compliant.
SoConnect can help you every step of your Cyber Security journey. We’ll conduct a Cyber Essentials gap analysis to help you determine what actions your business should take. We’ll audit your security controls, train your team in Security Awareness, and we’ll even manage your application to the Cyber Essentials/Plus Scheme.
Ongoing Cyber Essentials compliance
We know that ensuring ongoing compliance with policies and protocols can be challenging. Our partnership with CyberSmart means that we can provide an app installed on all company devices to ensure they are compliant with guidelines 24/7 all year round.