What is Cyber Essentials?

Cyber security issues impact on every organisation and any individual who connects to the Internet and, whether we like it or not, we're facing a global threat that is agile, capable and ever evolving. In the UK alone, we're seeing 75,000 new variants of malicious software every day. Worldwide, there are 150,000 new users of the Internet every day. So today's Internet is quite different from last week's Internet, let alone last year's Internet.

Her Majesty's Government views this issue as a Tier 1 threat to the UK economy and to combat the issue it has collaborated with lead industry bodies to establish a set of basic requirements that will help to manage the risk. These requirements form the basis of the Cyber Essentials Scheme – a best practice initiative that applies to organisations large and small.  Cyber Essentials or Cyber Essentials Plus is already a mandatory requirement for any organisation working within supply chains of Public bodies.

The initiative is not designed to address more advanced, targeted attacks that may be mounted on larger organisations - it is specifically aimed at smaller organisations who may not have the resources available to specifically address this threat. Larger organisations will also need to consider additional measures as part of their overall strategy.

Who needs Cyber Essentials?

From 1 October 2014, the UK Government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme.

On 25 March 2015, the Defence Cyber Protection Partnership (DCPP) launched its guidelines for Defence Contractors and mandated that Cyber Essentials or Cyber Essentials Plus be implemented alongside other controls throughout the Defence Contractor's supply chain.

But it's not just organisations working with the Public Sector or Ministry of Defence that should be looking at Cyber Essentials.

Cyber Essentials assessment and accreditation is a great way for you and your organisation to take a proactive look at your current security provisions, and see if they’re up to the mark. It puts you in control and proves to your suppliers and clients that you have a healthy attitude towards mitigating a very real and growing cyber threat.  Having a Cyber Essentials certification also means that you're reducing the ways that you could be compromised so that the bad guys are more likely to go for easier targets (and that could be your competition who don't have the certification!).

Cyber Essentials Certification

There are two levels of certification – Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials certification provides a basic level of confidence. It relies on the organisation having the skills necessary to answer a set of in-depth questions that are then verified by an independent Certification Body.

Cyber Essentials Plus certification is only awarded when the controls implemented under the Cyber Essentials scheme are then subjected to vulnerability testing through the use of an independent testing regime, therefore offering a higher level of assurance.

The process is primarily designed to enable organisations to prove that they have a responsible, structured and managed approach toward Internet based threats that could compromise data or systems. However, it is also an opportunity for applicants to examine and challenge their own control and management of issues surrounding cyber security. Successful applicants will prove to themselves and their clients that they have a responsible attitude toward the control and management of security issues pertaining to Internet based threats and are therefore a low risk partner when communicating or exchanging data online.

Either scheme should be considered as a snapshot of the ability of the organisation under scrutiny to manage the risks from known Internet based threats at the time of the assessment. Sustainability will only be achieved by the implementation of ongoing information risk management protocols and procedures.

Compliance and The Law

Like it or not, you have legal obligations when you handle data. In the UK, these are governed by the provisions of the Data Protection Act (1998) and enforcement comes courtesy of the Information Commissioner’s Office (ICO). You can check on their effectiveness here.

Being accredited with Cyber Essentials or Cyber Essentials Plus is an excellent way of proving to all concerned that you're serious about your online security and protecting data.

How We Can Help You

Cyber Essentials Certification needs preparation and SJG Digital can help by preparing you for the assessment. If you discover any shortcomings with your current network structure, software or hardware we can also look at this with you, and supply and configure any hardware or software that you might need. We can also perform any vulnerability scans or health checks if you are moving ahead to Cyber Essentials Plus certification.

We have two packages to help you prepare for successful assessment: the Cyber Essentials Support package or the Cyber Essentials Plus Support package. When you order either package through our website, we'll get in touch with you to discuss your accreditation process. It's as easy as that. If you'd like an informal chat, call us now on 01673 898001.

Further Reading

Cyber Essentials Scheme Overview
Defence Cyber Protection Partnership - Cyber Risk Profiles