Protect your business from Cyber Crime – Get Cyber Essentials certified
Introduced in 2014, the Government-backed, industry-led Cyber Essentials scheme is designed to help businesses protect themselves from the most common online threats. The scheme promotes the application of ‘5 technical controls’ in order to achieve this aim and offers 2 levels of certification to businesses which apply these controls effectively. The 2 levels of accreditation are:
- Cyber Essentials
- Cyber Essentials Plus
Why would I want Cyber Essentials accreditation?
It provides a firm foundation for your cyber defences. Designed to defend against the most common cyber threats rather than make your network an impenetrable fortress, implementation of Cyber Essentials is estimated to provide protection against roughly 80% of threats. Therefore, it provides a great base upon which to build further protection.
It’s required if you wish to bid for certain contracts. Certain government contracts now require bidding companies to hold Cyber Essentials accreditation. Some contracts require Cyber Essentials as the minimum certification, and many require a bidding company to hold Cyber Essentials Plus for contracts involving the handling of more sensitive data.
It will help you satisfy certain obligations under GDPR. GDPR’s security principle states that personal data should be:
‘Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’
Cyber Essentials requires the application of certain technical controls in order to safeguard sensitive data. Therefore, Cyber Essentials will help you satisfy the Security Principle of GDPR and prove your commitment to the safe handling of personal data.
Your business will appear professional and trustworthy. Accredited companies are able to display their Cyber Essentials accreditation on their website. This will enable you to display your commitment to rigorous Cyber Security practices and reassure current and potential customers that you can be trusted with their personal data.
It could prove a smart long-term investment. Certification requires a small investment today, but the longer-term financial benefits could be profound. Once accredited, your business could enjoy ‘Cyber liability insurance’ – £25,000 worth of cover against Cyber attacks. Even if your business isn’t eligible for this cover (your turnover exceeds £20m), you’ll likely benefit from lower insurance premiums.
Cyber attacks can be costly, with the average attack resulting in £6500 worth of financial damage to SMEs. Cyber Essentials will act as a barrier to the bulk of online threats, so you’re less likely to face business-crippling downtime, and the reputation-enhancing effects of accreditation may help you boost revenue by attracting new customers. With certification starting at just £300 per year, we reckon the potential benefits justify the cost.
I’m sold, so how does the process work?
As previously mentioned, there are 2 levels of accreditation – Cyber Essentials and Cyber Essentials Plus – and as you might expect, the process is different for each.
Cyber Essentials
Price: £300 plus VAT
The basic Cyber Essentials accreditation is achieved through the completion of an online self-assessment exercise, which is then assessed and graded by the certification body. After initial payment, access will be granted to an online portal which gives you 3 months to submit your completed self-assessment.
The assessment only takes a couple of hours to complete, so 3 months may seem like an excessive amount of time. However, should any areas need improvement you’ll only get one chance to make changes and a 3-day time limit will apply – so it’s best to take your time and get it right first time.
Cyber Essentials Plus
Price: £1999-£2199 plus VAT
Cyber Essentials Plus doesn’t require the application of any additional or more advanced technical controls. The only difference is the assessment process, which will feature an on-site technical verification by a qualified assessor. You’ll be required to successfully complete the self-assessment required for the basic certification – either independently within the previous 3 months, or at the beginning of the ‘Plus’ process.
The on-site assessment may sound daunting, but it does nothing more than confirm the veracity of the answers you submitted in the self-assessment – assuring that the technical measures required are being implemented. Failing the on-site assessment can be a stressful experience; you’ll have 30 days to make the required changes and if these changes don’t meet the required standard, you’ll have to begin the process again. Because of the cost implications of failing the Cyber Essentials Plus assessment, many firms seek professional advice to ensure they pass first time.
What are the 5 technical controls I must implement?
Cyber Essentials requires the practical application of 5 technical measures, known as the ‘5 controls’. These measures are not optional; all businesses which undergo assessment are required to implement them without exception.
The 5 controls are:
- Firewalls
- Secure Configuration
- Applying Access Controls
- Anti-Malware measures
- System maintenance
Before embarking on your Cyber Essentials journey it’s a good idea to gain an understanding of what is meant by each of these measures and how you can go about applying them to your business’ IT infrastructure. In this short blog series, we shall explore each of the 5 controls individually, so that you can apply the required technical measures and achieve Cyber Essentials accreditation with confidence.
Here at 4TC, we can help your business with all aspects of cybersecurity.
Our expertise covers a wide range of bases, from proactive maintenance and Backups to full-network anti-virus and managed anti-spam solutions. We provide managed services, project management and advice to ensure the businesses we work with remain out-of-bounds to Cybercriminals.