Back in 2014 it became compulsory to be Cyber Essentials certified if your organisation is bidding for Government tenders. But what about organisations that only deal in the private sector? Is it really ‘essential’? In this post we explore what it means to be Cyber Essentials certified and the benefits it brings to your business.
What is Cyber Essentials?
The Cyber Essentials scheme, backed by the Government, is designed to help organisations protect themselves from common cyber attacks. The scheme requires you to have certain security measures in place to become certified. These measures include:
- Ensuring you have suitable Hardware & Software Firewalls within your office networks
- Ensuring you have a suitable antivirus installed on all Endpoint/Server machines
- Ensuring all Endpoint/Server/Mobile devices are brought up to date within a few days of an update's release date
- Ensuring all corporate devices are centrally managed and controlled
- Ensuring all User Accounts are centrally managed and controlled
Difference between Cyber Essentials and Cyber Essentials Plus
Cyber Essentials is a self-assessment that can be completed via an online form; the responses are then independently reviewed by an external certifying body.
The Cyber Essentials assessment involves one vulnerability scan:
- This identifies open ports and incorrect firewall configuration on your network hardware firewalls.
Cyber Essentials Plus has exactly the same requirements as Cyber Essentials. The main difference is that Cyber Essentials Plus requires an independent assessment of the security measures implemented, to verify that you meet the 5 technical security measures mentioned above.
The Cyber Essentials Plus assessment involves 2 vulnerability scans:
- This identifies unpatched/unsupported software on all endpoint/server machines.
- This identifies open ports and incorrect firewall configuration on your network hardware firewalls.
Cyber Essentials Plus certification can be difficult to achieve without the correct preparation and assessment.
Benefits of Cyber Essentials certification
- Work in the public sector: A mandatory requirement when bidding for Government contracts
- Reassurance: Demonstrates to customers, suppliers and other stakeholders that the most important cyber security controls have been implemented
- Protect your business! Government suggests that a certified organisation will be protected from 80% of cyber attacks
So is Cyber Essentials essential?
Though it may not be essential (unless bidding for Government tenders), we believe being Cyber Essentials certified is good practice for any business based on the above points. Even the process of becoming certified can help spot shortfalls in your existing IT security which may have been missed.
Why choose Bristol IT Company?
Bristol IT Company has considerable experience supporting organisations in becoming Cyber Essentials certified and ensures it’s a smooth, hassle-free process. Our security specialists have a wealth of experience in the cybersecurity space. If you’re lacking a security measure needed to become certified, we can recommend (and implement) the most suitable solution. Whether you are bidding for government tenders or not, showing that your business is Cyber Essentials certified demonstrates that you take cybersecurity very seriously.
A note from one of our clients in the healthcare industry who recently obtained their Cyber Essentials and Cyber Essentials Plus Certifications with the support of Bristol IT:
“I wanted to write to you and let you know how supportive Bristol IT and especially Alex have been throughout our accreditation process which we successfully completed. Our accreditation was scheduled for when I was away on paternity leave and the work that Alex and the rest of your team did gave me peace of mind whilst I was away.
The service that you provide has always been second to none and if I would have continued with my own IT consultancy business your delivery model is what I would have aimed for.”
Contact us today to take the first step in becoming Cyber Essentials certified.