Mar 10

Cyber Essentials: What Is It?

Cyber Essentials – helping you keep your business secure

Cyber Essentials (CE) is a government-backed cyber security certification scheme that sets out a baseline of cyber security suitable for all organisations. The scheme’s five security controls can prevent “around 80% of cyber attacks”.

There are two levels of certification: Cyber Essentials and Cyber Essentials Plus.

Who is the Cyber Essentials scheme applicable to?

  • Organisations that use Internet-connected systems
  • Organisations that use Internet-connected end-user devices such as computers, mobile phones, printers, tablets, servers and laptops

Five key controls required for both levels of the scheme:

  • Secure configuration
  • Boundary firewalls and Internet gateways
  • Access controls and administrative privilege management
  • Patch management
  • Malware protection

With Cyber Essentials you can:

  • focus on your core business objectives, knowing that you’re protected from the vast majority of common cyber attacks
  • drive business efficiency, save money and improve productivity through the streamlining of processes
  • reduce your insurance premiums
  • increase your resistance to cyber threats
  • demonstrate to clients, insurers, investors and other interested parties that you have taken the precautions necessary to reduce cyber risks
  • bid for UK Government contracts that involve the handling of personal and sensitive information.

Assessment methodologies for Cyber Essentials and Cyber Essentials Plus:

Cyber Essentials

  • A verified self-assessment questionnaire
  • An external vulnerability scan of Internet-facing networks and applications to verify that there are no known vulnerabilities present
  • This extra scan provides an independently verified view of the organisation’s security posture

Cyber Essentials Plus

  • Includes all the assessments for the Cyber Essentials level plus an additional internal scan and on-site assessment to test:
      • the security and anti-malware configuration of each device type
      • patch levels and system configuration
      • whether the organisation’s systems are resistant to malicious email attachments and web-downloadable binaries.

The background of the Cyber Essentials scheme

The Cyber Essentials scheme is a key deliverable of the UK’s National Cyber Security Programme. Realising that the controls in its 2012 guide, 10 Steps to Cyber Security, were not being implemented effectively, the government instigated a call for evidence on a preferred cyber security standard. In November 2013, it concluded that no individual standard met its specific requirements, so it developed the Cyber Essentials scheme.

  • Cyber Essentials delivers the basic controls that all organisations should implement to mitigate the risk from common Internet-based threats.
  • The scheme provides a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken essential precautions to secure against the majority of cyber risks.
  • A recent government report, “UK cyber security: the role of insurance in managing and mitigating the risk”, revealed plans to include Cyber Essentials certification in insurers’ risk assessments for SMEs.
  • Cyber Essentials enables companies to successfully tender for government contracts, as set out in the UK Government’s procurement policy notice.

The Cyber Essentials scheme is increasingly popular within the private sector; more than 1,200 organisations have adopted the scheme to date. Insurance firms have recognised that Cyber Essentials certification is a valuable indicator of a mature approach to cyber security and, according to a government report, Cyber Essentials certification can also contribute to the reduction of risk.