Blog
FAQ: What is Cyber Essentials?
July 2nd, 2018
Cyber Essentials is a government-backed scheme designed to help organisations of all sizes reduce their risk of common cyber-attacks. It allows businesses to obtain one of two Cyber Essentials badges and has the support of industry organisations like the Federation of Small Businesses, the CBI and numerous insurance organisations.
What are the certification levels?
There are two levels of certification available: Cyber Essentials and Cyber Essentials Plus.
What are the requirements?
In order to become certified your IT infrastructure must meet specific requirements. These are defined by five technical controls:
- Firewalls – You must configure and use a firewall to protect all devices, particularly those that connect to public or other untrusted wifi networks
- Secure Configuration – Only use necessary software, accounts and apps
- User Access Control – You must control access to your data through user accounts. Only give administrative privileges to those who require them and control what an administrator can do on those accounts
- Malware Protection – You must implement at least one measure (e.g. Anti Malware, Whitelisting, Sandboxing) to defend against malware
- Patch Management – You must keep all your devices, software and apps up to date
Companies applying will also need to test all their in-scope public-facing IPs. For most companies, this will be the block of IP addresses they get from their internet service provider, but it also includes IP addresses at all in-scope locations like data centres and cloud providers.
You can exclude IP addresses from tested if you do not have control of the security configuration of the service, for example where the address belongs to the cloud provider.
Cyber Essentials Plus also includes a technical audit of in-scope systems. This includes a representative set of workstations, mobile devices and build types in use by the organisation which an unauthorised user could access.
To determine the number of build types you must review the number of operating systems and software suites installed. For instance, if more than one browser or Office suite is used then each variant will need to be tested.
What are the benefits of Cyber Essentials?
- Protects your organisation from approximately 80% of cyber-attacks, according to the UK government.
- Demonstrates your commitment to security and data protection to customers and stakeholders.
- Boosts your reputation and increases your chance of securing new business by showing you have cyber-security measures in place.
- Cyber Essentials permits you to work with the UK government, Plus gives you the opportunity to work with the MoD.
- Lets you focus on your business objectives, knowing you are secure.
What are the requirements for Cyber Essentials certification?
- Firstly, complete a self-assessment questionnaire.
- Then, a senior company representative signs off the questionnaire.
- An external certification body then verifies the questionnaire.
- The external certification body undertakes an external vulnerability scan of Internet-facing. networks and applications to verify there are no known vulnerabilities present.
What are the requirements for Cyber Essentials Plus certification?
- Firstly, complete a self-assessment questionnaire.
- Senior company representative signs off the questionnaire.
- Then, an external certification body then verifies the questionnaire.
- The external certification body undertakes an external vulnerability scan of Internet-facing. networks and applications to verify there are no known vulnerabilities present.
- They will also test the security and anti-malware configuration of each device type/build. This is done using malicious email attachments and web-downloadable binaries, including an on-site assessment.
How to get Cyber Essentials certified
QuoStar offers a Cyber Essentials consultancy service for organisations that require additional guidance. Our service includes Gap Analysis, technical support and guidance to implement the required controls, practical advice to ensure ongoing security and guaranteed certification. Please click here for more information on our Cyber Essentials consultancy service.
Benefits of IT Outsourcing for growing businesses
The benefits of IT outsourcing can give you a great advantage over the competition. In an increasingly competitive business environment, having a competitive edge is vital to helping your business to survive and grow. The benefits of IT outsourcing can be vast. Outsourcing your IT to an outside provider is one way to gain this […]
4 common IT support misconceptions
As businesses seek to become more efficient and productive, the trend for outsourcing is expanding across the globe. Many IT managers and business leaders are looking to managed IT support providers, but there are still several concerns about outsourcing versus hiring and developing an internal team. Below are some of the most common misconceptions and […]
Why you should switch to Office 365
Microsoft’s Office has been a staple for businesses for many years and that’s not about to change. Office 365 is the name for the package which includes the suite of Microsoft’s core programs as well as a cloud service, letting you stay connected wherever you are. But why should you switch to it? And what […]