What exactly is Cyber Essentials?
The governments National Cyber Security Centre put together Cyber Essentials in 2013. It came about to address the calls for standardisation of expectations for cybersecurity in business. The aim of Cyber Essentials is not only to protect your business from cyber-attacks but to reassure your customers and stakeholders that you’ve implemented the most important and basic cybersecurity measures. As such, Cyber Essentials lays out five controls or guidelines that outline basic cybersecurity measures you need to implement in your business to protect yourself from cyber-attacks. Once implemented correctly you can become certified.
Cyber Essentials is just like a raincoat or umbrella on a rainy day. When it’s raining you take a raincoat to protect yourself from getting wet, it’s common sense. You should implement Cyber Essentials because cybercriminals are becoming smarter and are striking more frequently. And Cyber Essentials protects you from cyber-attacks it’s really that simple. Both a raincoat and Cyber Essentials are the most basic and simple forms of protection from everyday problems.
The five key controls
To ensure your cybersecurity raincoat is working properly and has no holes the government have laid out five key controls. You can then implement these five key controls to ensure your cybersecurity is up to scratch. Here are the five key controls:
- Firewalls provide a basic level of protection between you and the Internet. Consequently, Firewalls act as a barrier keeping attackers and threats from getting access to your system. By identifying and blocking malicious activity and monitoring your Internet connection a firewall can stop anything from harming your computer.
- Cyber Essentials certification requires your use of a firewall to protect all your devices particularly those on public or untrusted Wi-Fi networks.
A secure configuration
- Secure configuration refers to the measures installed on new software and devices to reduce cyber vulnerabilities. The default measures tend to be open and multi-functional to cater to all needs, but this leaves you with unnecessary security vulnerabilities.
- Cyber Essentials certification requires that you only use necessary software, accounts, and apps to tighten your secure
- Access controls allow you to control who has access to what data. Employees accounts should only have access to the data they need and be given a minimal level of access to apps, computers, and networks. Only authorised individuals should be given special privileges or admin access. Subsequently, stolen or misused accounts will cause less damage.
- Controlling access to data is a requirement of Cyber Essentials certification. Limit admin access and only given it to those that need it.
- Malware is short for “malicious software” and can include viruses, worms, spyware, and ransomware all designed to disrupt, damage or gain unauthorised access to your computer or system. To protect against Malware and remove viruses a number of measures can be put in place.
- Cyber Essentials certification requires that you implement at least one form of Malware protection either anti-malware measures, whitelisting or sandboxing.
Patch management or patching
- Patching is all about keeping your computer and software up-to-date so they’re more capable of resisting low-level cyber-attacks. Manufacturers and developers release regular updates to patch security holes. Implementing these patches is one of the most important things you can do to increase security. Known vulnerabilities that have not been patched are the culprit for the majority of cyber-attacks.
- Cyber Essentials certification requires that you keep your devices, software, and apps up-to-date.
This is just a list of basic security requirements, although they may appear daunting, they’re not hard to implement and realistically all businesses should be implementing them anyway. It’s almost as easy as putting on a raincoat. Not implementing these security measures would be like not taking a raincoat on a rainy day and complaining that you get wet. If you don’t employ Cyber Essentials and get hit by a Cyber-attack, then you can’t really complain as who’s to blame?
The benefits of becoming Cyber Essentials compliant
We really like Cyber Essentials because the range of benefits fits really well with our philosophy that IT is more than just a means to an end but an opportunity for growth and business transformation. If you become fully Cyber Essentials compliant here are some of the benefits:
Protect your business from 80% of cyber-attacks
- The five key controls will protect your business from an estimated 80% of cyber-attacks if implemented correctly. This is a staggering drop in successful cyber-attacks.
Demonstrate your commitment to security
- Being listed as Cyber Essentials Compliant will allow you to gain trust by appearing committed to cybersecurity. Consequently, customer and stakeholder are reassured you won’t threaten the security of the supply chain or become a security liability.
Boost your reputation and increase your chance of securing business
- Being Cyber Essentials Compliant could give you an edge over other similar competitors if you demonstrate your commitment and drive to ensuring the safety of your customers.
- By knowing you have basic security measures in place to protect your business you can focus more time and effort on your overarching business goals by spending less time worrying about security.
Reduce cybersecurity insurance premiums
- Cyber Insurance agencies will look more kindly upon you if your Cyber Essentials Certified as they know you’ve taken the necessary basic steps to protects yourself. Consequently, they’re less likely to have to pay out to you and your premium will be lower.
Get a chance to work with the government or MOD
- Depending on your level of certification basic or plus you could get a chance to work with the UK government or the Ministry of Defence
Even if you don’t manage to achieve certification these controls provide a basic level of protection that you should have in your business anyway.
How to become Cyber Essentials certified
Becoming Cyber Essentials Certified is a simple 3 step process once you’ve implemented the five key controls.
- You have to select a certification body who will help you through the certification process by going through one of Cyber Essentials Accreditation Bodies
- You need to verify your IT is suitably secure through a process of checklists and forms of evidence. Your Certification body will support you through this process.
- Complete the self-assessment questionnaire. The certification body will provide you with a survey to complete once your IT is up to scratch.
The government will issue your cybersecurity raincoat a check of approval if you’ve passed. It will cost approximately £300 to become fully certified.
Making sure your IT is up to scratch
You might have read all this and felt a bit overwhelmed by the prospect of implementing all these cybersecurity measures. You might miss just a small hole in your raincoat and as a result, all your hard work will be set back. However, the good news is we can support you through this process! As your IT backbone, we’ll be happy to talk you through and assist in implementing Cyber Essentials five key controls. We can ensure your raincoat is up to scratch as we know what we’re looking for as both IT experts and as a Cyber Essentials Certified business.
We’ve been there done that and now want to help you get the raincoat.