What is the Cyber Essentials scheme and is it for you?
We have been helping several clients achieve Cyber Essentials accreditation recently so I thought it might be worth putting together a blog outlining what Cyber Essentials is and what the benefits of the scheme are.
What is Cyber Essentials?
Cyber Essentials is a UK government backed scheme launched in 2014 and aimed at helping organisations to protect against the most common forms of cyberattack. As we have written about before, the majority of cyberattacks are not hugely sophisticated operations but are fairly simple in nature. The aim of Cyber Essentials is to help organisations to protect themselves against these kinds of attacks.
The process of gaining Cyber Essentials certification will help you to protect your business against malware attacks, phishing, hacking and other common types of cyber security risk so it’s a very worthwhile exercise.
There are two levels of Cyber Essentials certification – Cyber Essentials and Cyber Essentials Plus. Cyber Essentials is a self-assessment scheme that is designed to protect you against a range of the most commonly encountered types of attack. Starting here gives you a good base of protection and it is important to pay attention to these basic types of attack as cyber criminals are often on the look out for organisations that fall victim to simple attacks as this then marks them out as potentially also being vulnerable to more sophisticated attacks. Cyber Essentials Plus covers the same ground but rather than being self-certifying, a hands-on technical verification is carried out.
If you opt for Cyber Essentials Plus you will still need to complete the base level Cyber Essentials self-certification assessment online prior to your Cyber Essentials Plus assessment. If you’ve already completed the self-certification this will be valid for Cyber Essentials Plus if you undertake that assessment within three months.
What does Cyber Essentials cover?
The certification process involves examining five key areas of your organisation’s IT infrastructure.
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Security update management
What are the benefits of Cyber Essentials accreditation?
- The process of gaining Cyber Essentials accreditation will give you a clear picture of your organisation’s level of cyber security and flag up any potential issues or weak spots hopefully before they become problems.
- Customers these days are more and more concerned about cyber security and having Cyber Essentials accreditation is a good way of demonstrating that you take these concerns seriously.
- Depending on the nature of your organisation you may find that Cyber Essentials accreditation is a requirement of some contracts or clients – for example many government contracts these days require Cyber Essentials accreditation.
- Obtaining Cyber Essentials certification helps ensure elements of your GDPR compliance as it gives you protection against malware and other online security breaches that could lead to data leaks.
How much does Cyber Essentials cost?
The cost of Cyber Essentials self-assessment varies according to the size of your organisation. The cost of a Cyber Essentials Plus certification will vary depending on the complexity of your network and IT infrastructure.
0-9 employees £300 + VAT
10-49 employees £400 + VAT
50-249 employees £450 + VAT
250+ employees £500 + VAT
How can Allware help?
We can help you with getting you through Cyber Essentials by working through your IT infrastructure and giving guidance on any changes needed to bring you up to code. We will then work with a Cyber Essentials supplier to go through the myriad of questions that need to be answered and complied with to ensure you get through certification.