Cyber Essentials
Cyber Essentials is a UK government-sponsored initiative for small to medium-sized businesses, designed to help protect them from modern-day threats in an internet-enabled age. Since its launch in 2014, only minor changes have been made, and its core principles remain equally valid today.
Cyber Essentials is a practical set of security controls that all businesses should employ as a base set of best-practice protections for their systems and information.
Widely adopted in the UK, Cyber Essentials is a requirement for all suppliers of UK central government contracts, as well as being enthusiastically taken up by private enterprise as a means of demonstrating compliance with NCSC good practices for information security.
There are two levels of certification that organisations can achieve: Cyber Essentials and Cyber Essentials Plus.
Today, NCSC has made it even easier for small businesses to certify
So why would you need to pay for consulting? Simply put, you may not need us at all, in which case we provide the following information only as a recommendation, to use how you will. As advocates of the excellent work NCSC does to protect small business, we implore all small businesses to take up the Cyber Essentials Scheme, and if you have sufficient understanding of how to address the requirement, then there is no need for our help. If, on the other hand, your expertise is in making your business tick and not cyber, then we will be happy to advise you with as little help as necessary to get the job done.
So, here's our advice - and remember, if you do need us we're here to help...
The following outlines the process for both Cyber Essentials and Cyber Essentials Plus. We recommend that organisations review the information and guidance provided by the National Cyber Security Centre (NCSC) found here, as well as the tool below.
A Cyber Essentials Readiness Tool, which has been developed by IASME on behalf of the NCSC – a part of GCHQ – asks organisations a series of questions related to the main Cyber Essentials criteria to help prepare them for certification.
And remember, most small business people are not “IT Professionals”, so if you need help to demystify the jargon, we’re at the end of the phone: call us on +44 (0)203 475 9932.
Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.
All the self-assessment questions are available to download for free in advance. Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation that certifies its whole organisation and has less than £20m annual turnover (terms apply).
A qualified assessor examines the five controls, testing that they work through a technical audit.
Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation that certifies its whole organisation and has less than £20m annual turnover (terms apply).
Cyber Essentials Plus is £POA
Cyber Essentials Plus certification still has the same trademark simplicity of approach. The protections you need to have in place are the same, but this time the verification of your cyber security is carried out via a technical audit.
The Five Domains of Cyber Security
The five high-level key control areas of Cyber Essentials are:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
These are further broken down into more granular controls. The controls can also be mapped to other security management systems such as ISO/IEC 27001, although Cyber Essentials has a much narrower focus, emphasising technical controls rather than governance, risk and policy.
For free advice on where to start or how to perform remediations for compliance, call us today on +44 (0)203 475 9932.