What is Cyber Essentials?
Cyber Essentials is a Government-backed and industry-supported scheme to help businesses protect themselves against cyber threats.
As reliance on internet technologies increases, so do the opportunities for criminals and hackers to commit fraud, industrial espionage or the theft of intellectual property. Cyber Essentials defines a set of 5 key security controls which, when properly implemented, will better protect businesses – small and large – from attacks using software and techniques which are freely available on the open internet.
Why Should You Consider Cyber Essentials?
You can prevent many attacks, which use freely available software and techniques, by implementing the Cyber Essentials 5 controls.
You can identify areas for improvement, even if your company has a proven track record of good security, by going through the assessment.
Your business can display the Cyber Essentials badge and demonstrate that it takes cyber security seriously by adhering to a widely-endorsed standard.
Essentials or Essentials Plus?
There are 2 levels of certification, Essentials and Essentials Plus. Once an organisation completes Cyber Essentials, the Plus certification is granted if a successful assessment takes place within 3 months.
Level 1: Cyber Essentials
This basic level of certification is awarded on the basis of a completed self-assessment questionnaire, which is verified by us.
Level 2: Cyber Essentials Plus
This is a higher level of assurance, and you will work with Protos Networks to test that the 5 key controls covered by Cyber Essentials are working in practice with simulated hacking and phishing attacks.
Protos Networks is accredited by IASME to assess and certify against the Government’s Cyber Essentials scheme requirements. We offer consulting services to assist organisations in achieving Cyber Essentials or Cyber Essentials Plus certifications.
1. Boundary Firewalls and Gateways
Use devices designed to prevent unauthorised access to or from private networks.
2. Secure Configuration
Ensure that systems are configured in the most secure way for the needs of the organisation.
3. Access Control
Ensure only those who should have access to systems are provided access at an appropriate level.
4. Malware Protection
Ensure that virus and malware protection is installed and up to date.
5. Patch Management
Ensure the latest supported version of applications is used, and all patches and updates are applied.
Cyber Essentials focuses on internet-originated attacks against an organisation’s IT systems. There are 5 key controls included in the assessment. When implemented, these 5 key controls can help defend your IT systems from the majority of internet-based cyber threats.
With our support, you will be able to effectively complete a cybersecurity risk assessment and assess your systems to meet the requirements of the Cyber Essentials accreditation. You will complete a self-assessment, signed off by a senior executive or officer of the organisation. This self-assessment will be independently verified by us. We will work with you to help you understand any identified weaknesses in your cyber security and provide solutions to assist you in mitigating these risks.
Cyber Essentials Plus offers a higher level of assurance through the external testing of the organisation’s cyber security approach. Once you have received your Cyber Essentials accreditation and carried out any work to mitigate identified risks, we will run a series of penetration tests and carefully managed attacks to test your controls.
Upon successful completion of either stage of the Cyber Essentials scheme, you will receive a certificate and be entitled to display the appropriate Cyber Essentials or Cyber Essentials Plus badge.
Who is Cyber Essentials for?
Cyber Essentials is applicable to organisations of all sizes and in all sectors. We encourage all organisations to look at the requirements and adopt them. This is not limited to private sector companies, but is equally applicable to universities, charities, public sector and not-for-profit organisations.
How much does it cost to be certified?
The intention of the scheme is to be affordable to the greatest possible number of businesses. Costs will depend on the size of your organisation and the level of rigour you need to demonstrate. Contact Protos Networks today to find out more about the cost of Cyber Essentials and Cyber Essentials Plus accreditation.
What are the benefits of the scheme?
Cyber Essentials provides organisations with clarity on what essential security controls they need to have in place to reduce the risk posed by threats on the internet with low levels of technical capability. Organisations that are good at cyber security can make this a selling point – demonstrating to their customers, through Cyber Essentials, that they take cyber security seriously.
How will I show that I have been certified?
Organisations that have successfully been assessed against the scheme will be able to use the appropriate Cyber Essentials badge to publicise this fact.
Being able to advertise that you have met a Government-approved cyber security scheme will give you an edge over competitors in the same market.
When can I apply to the scheme?
The scheme is open now and available to all organisations. Contact Protos Networks today to start the process of Cyber Essentials accreditation.
Is there a time limit on Cyber Essentials accreditation?
The assessment process is a ‘snapshot’ in time and it can only be effective on the day of assessment, much like an MOT for a car. New vulnerabilities are identified daily and we recommend organisations maintain the principles and controls on an ongoing basis and not just as preparation for the award. Organisations must re-certify annually.
We already comply with a cyber security or information security standard - do we still need to be assessed?
Yes. You can gain the badge in addition to other schemes. The process of meeting the requirements of other standards may have included work which meets or partially meets the requirements for Cyber Essentials. Cyber Essentials will add value to the majority of organisations and demonstrate to customers and others that you take information security seriously. Contact us for information.
I have a secure website - do I still need to use Cyber Essentials?
A secure website may provide a secure link between you and your customer. Cyber Essentials aims to protect the data once it is stored within your systems. Again, whether you need certification by the scheme or not is your business decision.
Protos Networks can provide consultancy and advice to help you with this decision-making process.
Is implementing just the Cyber Essentials controls enough?
Government will require all suppliers bidding for certain contracts, which are assessed as higher risk, to be Cyber Essentials certified. This is likely to include ICT and personal and sensitive information handling contracts.
Why does the profile focus on five controls and why those?
CESG (part of the National Cyber Security Centre, NCSC) has carried out an analysis of successful cyber attacks on a wide range of organisations. This analysis has helped identify the basic technical controls which most effectively mitigate cyber attacks by unsophisticated attackers using tools which are widely available on the internet. Cyber Essentials comprises the core actions necessary to reduce the majority of these threats.
Will Cyber Essentials stop me getting hacked?
Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. We believe that implementing these measures can significantly reduce an organisation’s vulnerability. However, it does not provide a ‘silver bullet’ to remove all cyber security risk and you should carry out further work to mitigate more advanced attacks. Protos Networks can provide further advice and support.