Protecting your business from cyber-attacks, will significantly decrease security risks and protect your organisation against theft of data, sensitive information or assets. Cybercrime has, on many occasions, caused irreversible financial and reputational damage to companies and individuals. If you are a small to medium business, with up to 250 employees, you should certify your organisation with the Cyber Essentials or Cyber Essentials Plus scheme. Alternatively, if you are considering using an outsourced IT service provider who will manage your cybersecurity, you should check that they are certified.
What is the Cyber Essentials scheme?
Cyber Essential is a Government-backed scheme, industry-supported certification, and run by National Cyber Security Centre (NCSC). The scheme was first launched in June ‘14 and aims to provide businesses/organisations (particularly focused on SME’s) with cost-effective and pragmatic protection against the most common cybersecurity threats. By achieving the Cyber Essentials Certification for your business, you are likely to cut out exposure to 85% of the most common cyber-attacks.
Why Cyber Essentials is important?
By achieving Cyber Essentials or Cyber Essentials Plus, or working with a certified IT provider, your business proves its commitment to Cyber Security. Your partners, clients, suppliers, and employees can feel protected and confident in sharing personal or sensitive information within your business. If your business is tendering for Government projects, you must have the certification in place.
What type of certification should you choose? Cyber Essentials or Cyber Essentials Plus? What is the difference?
The most recommended for SMEs is Cyber Essentials Plus. The certification involves onsite, technical security controls testing from the Certification body. Whereas a standard Cyber Essentials is based on the self-assessment questionnaire, and if passed, a certification will be issued.
What is tested during the assessment?
The process of Cyber Essentials certification involves testing five technical controls of your IT infrastructure:
- Secure Configuration (security measures that are implemented when installing computers and network devices to protect users from cyber vulnerabilities);
- Malware (all kinds of malicious software, that is spread via various sources such as downloaded software or links in email);
- User Access Control (a method of guaranteed identification of the company’s network users);
- Patch Management (the process of managing and regularly updating missing software patches in your computer network);
- Firewalls (network security device that monitors and filters incoming and outgoing network traffic. A firewall is the core barrier between a private internal network and the public internet.
Is Cyber Essentials Mandatory? Who needs certification?
Cyber Essentials is mandatory for all the central government work and the MOD. For all other businesses, either in private or public sector, certification is not a mandatory requirement. However, for security purposes, businesses are using Cyber Essentials or using a certified IT, provider, like us, ADT Systems.
Achieving Cyber Essentials certification will ensure that all of the required technical controls are tested and protected from common cyber-attacks. The certification is strong evidence, that your online sphere, is a secure place, where exchanging sensitive information takes place.
The process of achieving the Cyber Essentials certification should not be complicated, but if you have more questions about the scheme, please get in touch. Whether your business needs full IT services or an IT company to work collaboratively with your in-house IT department, we can make sure that that your business runs smoothly, effectively, and is protected from cybercrime. Contact us today and find out more about the security services that will work best for your business.
ADT Systems has been working with small to medium businesses since 1993, providing tailored IT solutions, support, and specialist advice.
We have many interesting News posts that are worth reading, so, please take a look! Finally, our new social media pages would love to have you onboard! Have a look at our Facebook, LinkedIn, and Twitter accounts!
ADT Systems Team