Peter Hall
September 14 2023
So, we’ve all heard the saying ‘look after the pennies and the pounds will look after themselves’, right? Well, this principle applies to your cyber security posture too. For example, if you take really good care of the basics by ensuring that all your employees have adequate security training, and you create an internal cyber-aware culture, then you have already protected your organisation from some of the most common cyber threats, such as phishing and password attacks. A great way to implement these basics is through a Cyber Essentials certification.
We understand that beginning your cyber security journey may be daunting, so Cyber Essentials is a great way to get an understanding of your security posture and the measures your organisation can take to protect your information assets.
Cyber Essentials was introduced by the UK Government and UK Ministry of Defence in 2014, and it was specifically designed to help organisations mitigate 80% of cyber threats by implementing a common standard for protection. The National Cyber Security Centre encourages all organisations that are based in or trading with the UK to implement the Cyber Essentials scheme.
Upon passing the scheme, organisations receive a Cyber Essentials certification, a listing on the Cyber Essentials database, and may also be entitled to Cyber Insurance. Cyber Essentials can be used either to certify the entire organisation, or it can be focused on a specific business unit provided that there is suitable network segregation.
There are two levels to the Cyber Essentials scheme:
Cyber Essentials Basic requires organisations to answer a series of questions, in the form of a Self-Assessment Questionnaire, covering key aspects of their information security. This helps to gain an understanding of the organisation's strengths and identify its weaknesses.
Once the organisation has Cyber Essentials Basic, they are able to apply for Cyber Essentials Plus. This involves a manual assessment of the technical controls and protections put in place within an organisation to secure it against common threats. Coupled with Cyber Essentials Basic, this provides a deeper assurance that corporate data and vital systems are protected.
Please note that the prerequisite for obtaining the Cyber Essentials Plus certification is having achieved Cyber Essentials Basic certification within the preceding three months.
Cybersecurity plays a vital role in safeguarding an organisation's sensitive information, digital assets, and critical systems from threats in today’s ever-growing digital landscape. Failure to implement cybersecurity protections can lead to disruption of business continuity, financial stability, and information security. This is likely to damage the organisation's reputation and shatter the trust between the organisation and its clients.
Up until July 2023 the UK has already seen 694 data breaches this year, compromising over 612 million documents. The current prominence of Cyber Essentials is no coincidence, since breaches have become both more frequent and more sophisticated. Cyber Essentials is a holistic approach that encompasses the foundational cybersecurity practices that organisations must implement to ensure a robust defence against cyberattacks and to safeguard sensitive information.
The next few parts of our mini-series will provide you with further guidance on where to get started with Cyber Essentials and some top Cyber Essentials tips.