Demand for Cyber Essentials

by Mark Rowe

Cyber security is at the forefront of many business owners’ minds, says Sam Jones, of Cyber Tec Security. A plethora of cyber security solutions on the market can be overwhelming, especially for small businesses. These organisations are now turning to schemes like Cyber Essentials to help establish best practices and controls for protection against cyber threats.

What is Cyber Essentials?

Cyber Essentials is a Government-operated scheme led by the National Cyber Security Centre (NCSC), which was designed to help businesses take action towards reducing their cyber risk and build strong, cyber secure foundations. The scheme, initially introduced in 2014, has risen in popularity over the years and is now often a prerequisite for certain contracts, both in the public and private sectors.

Achieved in two stages, Cyber Essentials can help businesses reduce the risk of being attacked by up to 80 per cent. Although many of the requirements of Cyber Essentials are fairly basic, the vast majority of SMEs do not have in place the controls, processes and policies outlined by the standard.

Cyber Essentials provides a straightforward way for businesses to learn exactly what they need to have implemented in order to achieve a base level of good cyber security, and avoids overcomplicating things by boiling it down to 5 key areas:

● Firewalls and Internet Gateways
● Secure Configuration
● Patch Management
● Access Control; and
● Malware Protection.

How does Cyber Essentials work?

In essence, Cyber Essentials is a badge that confirms your business is committed to cyber security and the data protection of your customers, suppliers, partners, and stakeholders. Achieving the badge requires the involvement of a qualified Certification Body under IASME (The Information Assurance for Small and Medium Enterprises Consortium), which became the sole delivery partner of the NCSC for the scheme in April 2020.

At the basic Cyber Essentials level, businesses must submit an online questionnaire, completed by an in-house IT department or external IT provider. Answers are then reviewed by a Certification Body and, if the organisation has met all the requirements, it will be awarded certification.

The Plus stage requires a more thorough investigation of the business's security, whereby the Certification Body actually scans your systems to verify whether or not you are in line with the standard. Cyber Essentials Plus is often favoured for this reason, because businesses can feel fully confident that their security levels have been verified by specialists to ensure they are compliant.

Why get certified?

Cyber security can often seem daunting to businesses and is usually thought to be cost and resource heavy, leading to many businesses putting it on the back-burner. Despite there being many extravagant and costly cyber security solutions out there, Cyber Essentials provides a simple and affordable alternative.

Aside from the improved security that comes with a Cyber Essentials certification, getting certified can open your door to a lot of other great benefits. A security badge under your belt can help to win business opportunities as new clients and business partners will prefer to work with a secure organisation that will protect their data, and a Cyber Essentials badge shows that you take cyber security and data protection seriously. With cyber attacks hitting the headlines daily, particularly those involving supply chains, organisations are becoming more careful about who they do business with. Acquiring a certification like Cyber Essentials can therefore help you stay ahead of competitors and present yourself as the more secure option for clients, suppliers and partners.

Insurance providers are another kind of company that will be interested in seeing that you are certified. The Cyber Essentials scheme actually includes free cyber insurance for certain businesses, but if you wanted to upgrade this to more extensive cover, you are likely to be given a reduced premium because it is clear you have already put cyber security measures in place to prevent an attack.

More and more companies are being required to achieve Cyber Essentials and it is predicted that this rise in demand will continue. Contracts with the Government, MOD and NHS all require Cyber Essentials from their suppliers and many large private organisations are starting to do the same. It is also the official recommendation of many professional associations within industries, such as the Law Society for the legal sector and the Financial Conduct Authority for the finance sector.

Standards like Cyber Essentials are going to continue to play a big role in helping small to medium-sized businesses address their cyber security, especially with an ever-evolving cyber threat landscape. As the scheme continues to grow, Cyber Essentials will be mandated more often, so staying ahead and getting certified now will ensure your business is secure as well as prevent any issues or delays when you come to bid for tenders that expect you to have it.


© 2024 Professional Security Magazine. All rights reserved.
