Cyber Essentials
Take your cyber security commitment to the next level with Cyber Essentials Plus certification.
This advanced government-backed program is designed for businesses aiming to bolster their defences against prevalent cyber threats.
Approximately one-quarter of businesses initially certified with Cyber Essentials proceed to attain Cyber Essentials Plus, demonstrating their ongoing dedication to cyber security.
Essential
Cybersecurity Standards
Cyber Essentials is a scheme designed to help protect the UK from cyber threats, which are becoming a significant risk to UK businesses. To counter this threat, the Government introduced the Cyber Essentials Scheme, which encourages organisations to review and improve their basic cyber security measures and demonstrate that they meet or exceed a recognised baseline of cyber security practice.
The Cyber Essentials Standards provide a cost-effective route to cyber security for small and medium-sized enterprises that need help implementing complex security measures. It will help protect your business and your customers’ data against threats like malware, hacking, and the loss or theft of equipment and help prevent damage to your brand and reputation if a data breach occurs.
5 KEY POINTS
CYBER ESSENTIALS
CONTROLS
The five critical technical controls make up the Cyber Essentials standard. Organisations must demonstrate that they are aligned with these controls to achieve certification.
Strong user authentication and access control measures ensure that only authorised individuals can access sensitive information and perform specific actions. This control helps prevent unauthorised access and restricts privileges based on job roles.
Implementing firewalls and secure gateways at network boundaries to monitor and control incoming and outgoing network traffic, providing a first line of defence against unauthorised access.
Ensuring that devices and software are configured securely, following industry best practices and guidelines. This involves removing or turning off unnecessary features, changing default passwords, and applying appropriate security patches and updates.
Maintaining an up-to-date inventory of software and applying security patches promptly. Regularly updating software protects against known vulnerabilities and helps prevent exploitation by attackers.
Deploying effective anti-malware solutions (e.g., antivirus software) to detect and prevent the execution of malicious software. Regular updates and scans help identify and remove malware, reducing the risk of infection and data compromise.
By implementing these five controls, organizations can significantly improve their cybersecurity defences, mitigate common cyber risks, and enhance their overall resilience against cyber threats.
Why
GET CYBER ESSENTIALS CERTIFIED
Difference
CYBER ESSENTIALS &
ESSENTIALS +
Organisations can gain two levels of Cyber Essentials accreditation, Cyber Essentials Basic and Cyber Essentials Plus, however the Plus standard holds greater credibility as it involves an external audit carried out by an official Certification Body to ensure that organisation meets the standard.
How
Cyber Essentials Plus
Certification Process
The Cyber Essentials Plus certification is assessed using the same five controls as the Cyber Essentials.
However, where Cyber Essentials can be self-assessed and independently verified, the Cyber Essentials Plus certification includes a Vulnerability Assessment and a Remote Technical Audit of your systems.
We will conduct a remote audit on a selection of devices from across your organization to verify that their configurations align with the required standards.
Our team will conduct a comprehensive Vulnerability Assessment on these devices to validate that patching and configurations meet acceptable criteria.
We will perform an external port scan on your internet-facing IP addresses to identify and rectify any evident vulnerabilities and misconfigurations.
Thorough testing will be conducted on the configuration of your default email and internet browsers to evaluate their effectiveness in preventing the execution of potentially harmful files.
Throughout the process, screenshots will be taken to meticulously document your compliance with the Cyber Essentials Plus standard.
Upon achieving accreditation, we will annually review and resubmit your certification to ensure continual compliance.
We believe that nobody should mark their own homework which is why we arrange for an external auditor to assess our work and sign off on your Cyber Essentials Plus certification.
Prices staring from only £1400
Speak to a Cyber Essentials expert today
Are you ready to start your Cyber Essentials journey, or would you like to learn more about the certification process?
Enter your details and one of our Cyber Essentials specialists will be in touch.
Frequently Asked Questions
- Shields your organization from approximately 80% of cyber-attacks, as stated by the UK government.
- Displays your dedication to security and data protection to clients and stakeholders.
- Enhances your reputation and enhances your chances of securing new business by showcasing your cyber-security measures.
- Cyber Essentials allows you to collaborate with the UK government, while Cyber Essentials Plus qualifies you to work with the MoD.
- Enables you to concentrate on your business objectives with peace of mind, knowing your security is ensured.
Details of insurance terms and conditions can be found here.
The Cabinet Office’s guidance to Procurement Officers can be accessed here, specifying situations where Cyber Essentials certification is required.
It is noteworthy that an increasing number of government and commercial entities are mandating this certification for their suppliers, despite not being required to do so by the Procurement Policy Notice. In a speech on June 23rd, 2015, Ed Vaizey from the Department of Culture, Media & Sport encouraged all organizations to “adopt Cyber Essentials to protect and promote themselves online to all stakeholders.”
Any company employing unsupported or outdated software within the assessment scope, such as Microsoft 7, is likely to fail to attain Cyber Essentials certification.
The questionnaire necessitates responses to all inquiries. Most questions will require concise explanations to help us grasp your company and its information security controls. Providing comprehensive details upfront reduces certification time, as we have all necessary information from the start.
For Cyber Essentials, once you’ve completed the self-assessment questions on the online portal, we aim to provide assessment results within 24 hours. For Cyber Essentials Plus, this must be conducted within three months of Cyber Essentials accreditation. Cyber Essentials Plus requires an on-site audit, which can be scheduled upon request after a signed order and Cyber Essentials pass are in place.
We will contact you before your expiry date, outlining the renewal process steps.
To pass the Cyber Essentials assessment, you must answer nearly all questions correctly (compliant). You must have control over all these aspects of your system to be certified. The UK Government establishes this stringent pass criteria.
If you’re non-compliant with some questions, we recommend adjusting your processes to meet the requirement and providing notes explaining why you’re not compliant in that aspect and how you manage that risk.
You can download the Cyber Essentials question set here.
