The Complete Guide To Cyber Essentials

Updated: Feb 27

What Is Cyber Essentials?

The UK government's Cyber Essentials scheme, developed by the National Cyber Security Centre (a part of GCHQ), is an excellent way to protect organisations from the vast majority of cyber threats.

It was designed through a collaboration between government and industry to help UK organisations of all sizes significantly increase their protection against today’s cyber threats.

There are two levels to the scheme – Cyber Essentials basic, a self-assessment of your cyber security status, and Cyber Essentials Plus, which provides more assurance through an independent security expert auditing your security.

If you wish to attain either level, we can help you with our Cyber Essentials packages.

Why get Cyber Essentials Certification?

Cyber Essentials significantly reduces the chances of losing access to your data or your organisation being the victim of fraud. The National Cyber Security Centre states that it can protect against 80% of common cyber attacks, while a study from Lancaster University found that 99% of all generic cyber attacks were either totally or partially mitigated in SMEs using the Cyber Essentials controls.

There are more good reasons to certify to Cyber Essentials:

  • It reassures clients, prospective clients and staff that you care about their cyber security

  • You take your rightful place in a growing online list of companies who have taken the plunge, a handy directory from which the public and B2B clients can choose businesses they can feel safe working with

  • It helps you attract good employees, people who want to work with a reputable company whose systems are safe and secure

  • It provides a marketing advantage that helps you build trust in your brand, a useful USP for your publicity materials

  • It lets you apply for and work on local government, national government and other contracts that demand Cyber Essentials certification

About Cyber Essentials basic

Cyber Essentials basic consists of a self-assessment questionnaire which shows how you match against the Cyber Essentials standard. It assesses your security controls in the following five areas:

  • The security of your internet connection

  • The security of your devices and software

  • How you control access to your data and services

  • How you’re protected from viruses and other malware

  • How you keep your devices and software up to date

To achieve it you first choose a suitable Certification Body, such as ourselves. Once you decide to go ahead you’ll be provided with a questionnaire of around 60 questions. Implicit in each question is the correct answer, so for the majority of the questions the correct answer will be a positive one. Many questions require a simple yes/no response, though some require more details which you can supply in a couple of sentences.

Forensic Control provide detailed guidance on how to best respond to each question and unlimited phone and email support during this process. If you follow our advice, we’re able to ensure that you will pass on your first attempt. You should note that there is a requirement for applicants to confirm that all the answers provided have been approved at Board level or equivalent and for a board member to sign a declaration to show that the answers provided are accurate.

On completion of the question set the assessor will check it through and if you’ve passed you’ll be Cyber Essentials certified. In order to remain protected against the ever-changing nature of cyber security threats you will need to renew this certification every 12 months.

What is Cyber Essentials Plus?

Cyber Essentials Plus builds on Cyber Essentials basic through an independent audit of your security controls. Because it checks the responses you provided in Cyber Essentials basic, you must first be certified to Cyber Essentials basic.

A Cyber Essentials Plus audit involves a security expert visiting your place of work – they will check a random sample of the end-user devices used to access business data; this could be computers, laptops, mobiles and tablets. The expert will check how these devices deal with test malicious software delivered via email and through web browsers. Checks will be made on whether you are using the latest available versions of operating systems and other software, and if available, whether your anti-malware software is configured correctly. Any weaknesses on your end-user devices will be explored at this stage.

It also involves a vulnerability test of your internet gateway (such as your router or firewall). Once you’re assessed as meeting the standard required, the assessor will produce a report based on their findings, and, all being well, you will be Cyber Essentials Plus certified. As with the basic level you will need to re-certify every 12 months to remain protected against emerging threats.

Ready for Cyber Essentials?

At Forensic Control we realise cyber security can be daunting, so our approach is designed to offer close assistance from the beginning and at every step of the way. We do our best to make the certification painless. Expect professional, technically competent guidance delivered with empathy and care. We help every step of the way, so you can focus on running your business.

We’ll ensure you pass Cyber Essentials basic and Cyber Essentials Plus at the first attempt. See our Cyber Essentials page for further information, or contact us for an informal discussion.

©2019 by Forensic Control  All Rights Reserved.      
