Everything you need to know about Cyber Essentials
Companies in the 21st century now have to be proactive in their approach to cyber security and businesses are no longer comfortable with being ‘sitting ducks’ when it comes to cyber-crime. With organisations keen to adhere to cyber security regulations there is no place better to start your cyber security journey than by obtaining a Cyber Essentials accreditation.
With the arrival of GDPR in 2018, being compliant and holding accreditations that evidence your business is adhering to the best practices are essential in today’s modern working environment.
What is Cyber Essentials?
Cyber Essentials is a government-backed accreditation that was introduced back in 2014, and offers businesses baseline cyber security to cover the basic protection from cyber-crime. This scheme was introduced to make it easier for businesses to protect themselves and to encourage good cyber security practices.
Cyber Essentials also offers organisations the opportunity to highlight their commitment to working securely so their customers can continue working with them, confident in the knowledge they are taking cyber security seriously and taking a proactive stance towards it.
Who is Cyber Essentials aimed at?
Cyber Essentials offers protection for small, medium and large businesses who’re often overlooked when it comes to cyber-security protection. Cyber Essentials is a cost-effective way for businesses to approach their cyber-security strategy, and the certification is universal to businesses of all sizes. The best part is that it doesn’t alienate with its price-tag.
The vast majority of cyber-crime isn’t committed by state-sponsored agencies, political activists, a distant prince from a country you’ve never heard of or someone who sits behind their computer wearing an ‘anonymous’ mask. The average cyber-criminal doesn’t spend countless hours researching large organisations to target either. In fact, they’re opportunistic criminals, and look for poorly protected IT infrastructures that are often found in smaller enterprises. A recent survey from Symantec, found that 43% of cyber-attacks against businesses worldwide target small companies, proving that cyber-criminals aren’t prejudice who they attack.
How can Cyber Essentials help your business?
The UK Government believes that being Cyber Essentials accredited could prevent “around 80% of cyber-attacks” and is crucial in improving your cyber security.
It can improve your security by focusing on five key steps, so that you can be Cyber Essentials certified.
Cyber Essentials highlights gaps in your security and examines ways in which you control your business data. To be accredited you must control access to your data through user accounts and administration privileges should only be given to those that need them.
Use a firewall
To obtain a Cyber Essentials certification, you must use a firewall to protect all your devices, particularly those that connect to public Wi-Fi networks.
Use only relevant and secure software
To achieve your accreditation, you must demonstrate that you only use the necessary software, accounts and apps needed for your business.
Keep devices and software up-to-date
A Cyber Essentials certification requires that you keep all your devices, software and apps all up-to-date with the latest versions and patches, so there are no gaps in your security.
Protection from viruses and other malware
You must provide evidence that your business is implementing some form of anti-virus protection that is installed on your devices, whether that’s sandboxing, whitelisting or any anti-malware product (these are often included for free with popular operating systems).
What is Cyber Essentials Plus?
Cyber Essentials is a great framework to address the basics of cyber security, however, the Government has also launched Cyber Essentials Plus, which offers businesses the opportunity to take their security to the next level. This heightened level of protection involves an external certified body examining your cyber security. This may sound scary, but the whole process can be managed by a cyber managed service provider and businesses that fully prepare, often pass Cyber Essentials Plus first time.
The external governing body will examine the above five steps you needed for Cyber Essentials by testing them with simulated phishing attacks and a basic hacking procedure. To complete the Cyber Essentials Plus accreditation you will also need to pass a final technical audit.
Cyber Essentials Plus is aimed at businesses with a more complex IT infrastructure and by achieving it, you can reassure and demonstrate to your customers that you have a higher level of commitment to security, which will further increase their confidence in your business.
How CyberGuard can help...
CyberGuard Technologies, a division of OGL Computer, a company that’s been in business for over 40 years, and understands the industry, can offer help and guidance on the best practices of being cyber-secure.
Our cyber team can guide your business through the steps to accreditation with the minimum of fuss. We offer three simple options:
- Certification Readiness Package
- Cyber Essentials Accreditation
- Cyber Essentials Plus Accreditation
We’ll assist you through the whole process and will be on hand to help you with any questions you may have. Once passed, you’ll be able to display the Cyber Essentials logo on your website and marketing literature to demonstrate to your customers, suppliers, investors and stakeholders that your organisation is taking steps to protect against common cyber threats and you take cyber security seriously.
To find out more about Cyber Essentials, please visit: https://www.ogl.co.uk/cyber-security-certification
If you would like to talk to one of our Security Consultants, contact us here and we’ll be happy to give you a call.