Cyber Essentials Guide: What You Need to Know

In 2014, the National Cyber Security Centre (NCSC) launched Cyber Essentials, a government-backed scheme to help organisations guard against cyber threats.

As we know, cyber attacks come in all shapes and sizes. From large-scale data breaches to your daily phishing attempt, cyber criminals are everywhere. Certifying in Cyber Essentials ensures your organisation has the right controls to prevent these attacks. 

This blog will outline the basics of Cyber Essentials, including what’s involved and how it can benefit your business. Keep reading to learn more. 

What Is Cyber Essentials?

Cyber Essentials is an online self-assessment of five technical controls all organisations must have to protect themselves against common security threats. The government started the Cyber Essentials scheme to create a safer internet space as the world grows increasingly online. 

This scheme includes two levels: foundation and higher tier. Cyber Essentials is the former and certifies that your organisation has implemented basic cyber security controls. The IASME Consortium manages the certification process and licenses bodies to certify UK businesses.

If successful, the Cyber Essentials certification will last for 12 months. After this point, you will have to revalidate. 

What Is Cyber Essentials Plus?

Cyber Essentials Plus is the highest certification level under the Cyber Essentials scheme. This certification includes the same technical control self-assessment and a hands-on technical verification of your systems.

A certification body, like Data Protection People, will send an expert assessor to audit your organisation’s IT systems. The aim is to verify what you stated in your online self-assessment. We will conduct vulnerability scans, test email and browser configurations and identify areas requiring immediate action.

If the identified issues are not resolved, your application will fail. However, our cyber security experts will give you direction and a fixed timeframe to remediate. This certification lasts 12 months, after which you must revalidate.

Do I Need to Certify in Cyber Essentials Before Moving on to Cyber Essentials Plus?

The same Cyber Essentials self-assessment is part of both certification levels. As such, you must complete the self-assessment before the Cyber Essentials Plus technical audit. The assessor relies on your assessment to validate whether you have the basic controls in place.

Another option is to complete the Cyber Essentials foundation certification and go on to the higher level within three months of obtaining it.

What Are the 5 Controls in Cyber Essentials? 

The self-assessment questionnaire covers five basic controls that prevent vulnerabilities and avoid cyber attacks. These include:

  1. Firewalls – Firewalls monitor incoming and outgoing network traffic based on your organisation’s security rules. Having a firewall in place will identify, prevent and stop external threats.   
  2. Secure Configuration – This control refers to whether you implement the correct configurations for network devices and servers. 
  3. User Access Controls – How many people in your team have administrator rights? Your organisation must set strict user controls that limit access to confidential data to authorised employees.   
  4. Malware Protection – Malware is malicious software that steals data, destroys files and blocks user access. This control considers whether your business has tools installed to protect your systems from malware attacks.
  5. Patch Management – This covers whether your organisation’s devices and operating systems undergo frequent patching and updates. 

Need help meeting Cyber Essentials controls? Data Protection People are cyber security and data protection experts who can assist you in getting the support you need.

Benefits of Cyber Essentials Plus

  • Identify vulnerabilities in a robust, independent audit and prevent up to 80% of cyber attacks; 
  • Build trust with your existing customers that you take cyber security seriously;
  • Bring in new business with the reassurance that their data and operations are safe from cyber threats;  
  • Receive automatic cyber liability insurance if your organisation certifies whole operations and has less than £20m annual turnover; and, 
  • Work with the UK government and the Ministry of Defence (MOD). 

Get Certified in Cyber Essentials Plus Today

As an official certification body, we can simplify your organisation’s path to achieving a Cyber Essentials Plus certification. Our experienced assessors offer end-to-end support and provide you with the latest knowledge and insight to guide your next steps.

Contact Data Protection People about our Cyber Essentials Plus service today.