Cyber Essentials is a scheme by the UK Government’s National Cyber Security Centre (NCSC). It outlines a set of measures you can introduce to protect your organisation against some of the most common cyber-attacks.
In this post we’ll provide an essential introduction to the Cyber Essentials scheme for businesses, outlining the measures you can introduce today to strengthen your cybersecurity.
Want to discuss your cyber security risks? We have a team of experts on hand to help. Call us on 0208 290 9080 or email us at cyber@anthonyjones.com.
What is Cyber Essentials?
Cyber Essentials is a Government backed scheme to help you protect your organisation from cyber-attacks, while also demonstrating to your clients and customers that you take cybersecurity seriously.
The scheme involves two levels of certification:
- Cyber Essentials – A self-assessment option that will show you how to address the basics of cybersecurity and prevent the most common forms of cyber-attack.
- Cyber Essentials Plus – This includes all the resources and guidance you’d get with the Cyber Essentials certification, plus a hands-on technical verification service. If you don’t want this verification, you also have the option of familiarising yourself with cybersecurity terminology, so that you can begin securing your IT systems yourself.
Who is Cyber Essentials For?
NCSC suggests that Cyber Essentials is “ideal if you work with government”. This is because Cyber Essentials Certification is now required if you’d like to bid for any central government contract that involves handling sensitive and personal information.
However, the cybersecurity measures the scheme outlines are suitable for any organisation of any size.
Benefits of Getting Cyber Essentials Certification
- Get a thorough overview of your organisation’s current cybersecurity level, along with insights into any current vulnerabilities and possible areas of improvement.
- As awareness of the risks of cybercrime grows, clients and customers may prefer to work with businesses that take cybersecurity seriously. An official Government-backed Cyber Essentials Certificate will help you reassure your existing customers while also attracting new business.
- Get listed on the official directory of organisations awarded Cyber Essentials.
The Cyber Essentials Checklist: Examples
To get Cyber Essentials certification, your business will have to complete a self-assessment question set. Your IT infrastructure will also have to meet certain requirements.
Here are some examples of the sort of things you’ll have to consider when assessing your current cybersecurity levels:
- The total number of devices you’re assessing, along with the operating system for each one. You’ll have to list all laptops, desktops, virtual desktops, tablets, mobile devices, servers, virtual servers, virtual server hosts, networks, and more.
- The number of your staff who work from home. This is because remote working can raise some additional IT security risks.
- Do you have firewalls and boundaries between your business’s internal networks, laptops, desktops, servers, and the internet?
- Have you changed all the default passwords on your internet routers or hardware firewall devices?
- How do you ensure that devices are protected when they’re used away from the workplace?
- Where a device requires a user to be present, do you set a locking mechanism that must be passed before the software and services installed on it can be accessed? If so, what method do you use?
- Are all operating systems on your devices supported by a vendor that produces regular security updates? This is important, because some operating systems are no longer supported with security updates.
- List the internet browsers you and employees use, plus the malware protection software you use, along with the version.
You can download the full set of self-assessment questions. They’re available in English and Welsh.
How to Get Started With Cyber Essentials
For a full pricing plan, along with some additional resources to help you get started, head to the official Cyber Essentials Certification site.
Cyber Liability Insurance
Any UK business that certifies their whole organisation, and that has less than £20m annual turnover, is eligible for free cyber liability insurance upon obtaining either Cyber Essentials certification, or Cyber Essentials Plus. You can opt out of this cover when completing your self-assessment.
This initiative should help many smaller businesses avoid underinsurance. However, cybersecurity is such a broad and complex issue, and different organisations will face different risks. The automatic insurance offered by the Cyber Essentials scheme may not cover your business for all risks. Plus, larger companies are ineligible for the inclusive cover anyway.
Cyber insurance is something that businesses can no longer do without. So if you have any questions about business insurance, or if you want to discuss what level of cyber insurance cover is right for you, we have a team of experts ready to help. Call us on 0208 290 9080 or email us at cyber@anthonyjones.com.