A Guide to Cyber Essentials


Posted on: 04 December 2018
By: Jamie Turvey, Marketing Executive

With the arrival of GDPR earlier in the year, being compliant and holding accreditations that evidence your business is adhering to the best practices are essential in today’s modern working environment. Companies in the 21st century now have to be proactive in their approach to cyber security and businesses are no longer comfortable with being ‘sitting ducks’ when it comes to cyber-crime. With organisations keen to adhere to cyber security regulations there is no place better to start your cyber security journey than by obtaining a Cyber Essentials accreditation.

What is Cyber Essentials?

Launched back in 2014, the government-backed accreditation was introduced to offer businesses baseline cyber security to cover the basic protection from cyber-crime. In essence, it was introduced to make it easier for businesses to protect themselves and to encourage good cyber security practices.

It also offers organisations the opportunity to highlight their commitment to working securely so their customers can continue working with them, confident in the knowledge they are taking cyber security seriously and taking a proactive stance towards it.

Who is Cyber Essentials aimed at?

The vast majority of cyber-crime isn’t committed by state-sponsored agencies, political activists, a distant prince from a country you’ve never heard of or someone who sits behind their computer wearing an ‘anonymous’ mask. The average cyber-criminal doesn’t spend countless hours researching large organisations to target either. In fact, they’re opportunistic criminals, who could be anyone when they spot a poorly protected IT infrastructure.

A recent survey from Symantec, found that 43% of cyber-attacks against businesses worldwide target small companies. Cyber-criminals aren’t prejudice who they attack.

This is why Cyber Essentials was launched, to not only offer protection for larger organisations but also small to medium size businesses too, that are far too often overlooked. As the accreditation is also a cost-effective approach to cyber-crime it also allows the certification to be universal to businesses of all sizes as it doesn’t alienate businesses with its price-tag.

How Cyber Essentials can help your business security…

The UK Government believes that being Cyber Essentials accredited could prevent “around 80% of cyber-attacks” and is crucial in improving your cyber security.

It can improve your security by focusing on five key steps in order for you to be Cyber Essentials certified.

Controlled data

Cyber Essentials highlights gaps in your security and examines ways in which you control your business data. To be accredited you must control access to your data through user accounts and administration privileges should only be given to those that need them.

Use a firewall 

Obtaining a Cyber Essentials certification you must use a firewall to protect all your devices, particularly those that connect to public Wi-Fi networks.

Use only relevant and secure software

To achieve your accreditation you must demonstrate that you only use the necessary software, accounts and apps needed for your business.

Keep devices and software up-to-date

A Cyber Essentials certification requires that you keep all your devices, software and apps all up-to-date with the latest versions so there are no gaps in your security.

Protection from viruses and other malware

You must provide evidence that your business is implementing some form of anti-virus protection that is installed on your devices, whether that’s sandboxing, whitelisting or any anti-malware product (these are often included for free with popular operating systems).

What is Cyber Essentials Plus?

Cyber Essentials is a great framework to address the basics of cyber security, however, the Government has also launched Cyber Essentials Plus, which offers businesses the opportunity to take their security to the next level. This heightened level of protection involves an external certified body examining your cyber security. This may sound scary, but the whole process can be managed by a cyber managed service provider and businesses that fully prepare, often pass Cyber Essentials Plus first time.

The external governing body will examine the above five steps you needed for Cyber Essentials by testing them with simulated phishing attacks and a basic hacking procedure. To complete the Cyber Essentials Plus accreditation you will also need to pass a final technical audit.

Cyber Essentials Plus is aimed at businesses with a more complex IT infrastructure and by achieving it, you can reassure and demonstrate to your customers that you have a higher level of commitment to security, which will further increase their confidence in your business. 

How CyberGuard can help…

CyberGuard Technologies, a division of OGL Computer, a company that’s been in business for over 40 years, and understands the industry, can offer help and guidance on the best practices of being cyber-secure.

Our cyber team can guide your business through the steps to accreditation with the minimum of fuss. We offer three simple options:

  • Certification Readiness Package
  • Cyber Essentials Accreditation
  • Cyber Essentials Plus Accreditation

We’ll assist you through the whole process and will be on hand to help you with any questions you may have. Once passed, you’ll be able to display the Cyber Essentials logo on your website and marketing literature to demonstrate to your customers, suppliers, investors and stakeholders that your organisation is taking steps to protect against common cyber threats and you take cyber security seriously.

To find out more about Cyber Essentials, click here: https://www.ogl.co.uk/cyber-certification

If you would like to talk to one of our Security Consultants, contact us here and we’ll be happy to give you a call.

Sources:

https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends/#gref

https://www.gov.uk/government/news/cyber-security-boost-for-uk-firms

https://www.cyberessentials.ncsc.gov.uk/advice/

We are currently recruiting for Web Developer, 1st Line Technical Apprentice, Technical Support Engineer Find out more >