What is Cyber Essentials?
Cyber Essentials is a government-backed initiative through NCSC that provides robust protection for organisations of all sizes against a wide array of common cyber threats.
Cyberattacks vary in sophistication, but many are rudimentary attempts by less skilled individuals. They resemble a digital version of testing if your front door is unlocked. Our guidance aims to thwart these basic attacks.
Certification is available at two levels:
- Cyber Essentials: The self-assessment option safeguards businesses against numerous common cyber threats. This is crucial because susceptibility to basic attacks can make your organisation a target for more thorough cybercriminal scrutiny. Certification offers assurance that your defences will deter the majority of these commonplace attacks. It equips you with the knowledge to address fundamentals and thwart the most prevalent threats.
- Cyber Essentials Plus: This level retains Cyber Essentials’ straightforward approach, with identical protective measures. However, Cyber Essentials Plus involves a hands-on technical assessment to verify your security measures.
Alternatively, you can familiarise yourself with cyber security terminology and acquire enough knowledge to commence securing your IT infrastructure.
What it does right:
- it makes you think about security and what you should consider doing to protect your business
- it includes useful, practical tests (Cyber Essentials Plus). Whilst some may argue these aren’t as complete as other tests they are a very good place to start and are very valuable
- it addresses some of the main problems your business faces; it provides a baseline threat assessment for you (i.e. CES has already worked out what the top threats to your business are likely to be), and then it includes test to see how your defences line up to mitigate them.
- it recognises the end user device and it’s role in the security of your business
- it let’s you know what you can do to provide good cyber hygiene and informs you (you will learn from it)
Our advice for those business owners of UK companies of all sizes is this:
You may be daunted by the tests or the process. Start by downloading the questionnaire . Hand it to the person in charge of your IT/IS, or read it yourself and fill it in using your knowledge or your IT. You will feel better informed.
You can then start to think about how you would fair in the ‘Cyber Essentials Plus’ assessment. Identify cost effective ways to make improvements. Create a ‘get well plan’. Identify people and skills and roles – do you have the people and skills to make things better? View it as an IT Security MOT. Some bits you can fix yourself, some you will need expert help with. But if you don’t do anything it’s like driving without an MOT: your business may not be roadworthy or safe in cyber space.
It’s important to understand that all organisations are now cyber targets, but most aren’t targets of sophisticated attacks and so the basics and good cyber hygiene are critical to reduce your risk of a breach.