Staying secure for any size organisation is a top priority. Earlier this year, the UK Government Cyber Security Breaches Survey revealed that 50% of UK businesses had suffered a cyber-attack or security breach in the previous 12 months, up from 39% in 2022. With cyber threats on the rise, and as you look to protect valuable data and maintain customer trust, implementing the right security processes is more than essential.
One step that businesses can take is gaining a Cyber Essentials accreditation – which is a government backed scheme that provides businesses of all sizes the assurance that they are taking measures to protect themselves from the most common cyber-attacks. Following this standard allows organisations to stay ahead of emerging cyber security risks by assessing their systems against a recognised framework, proving that cyber security is a priority to you and your customers. Requiring annual renewal, there are two levels of certification:
- Cyber Essentials is a self-assessment-based approach providing peace of mind that an organisations defensive measures will protect them against the vast majority of common internet based cyber-attacks. The certification offers a basic level of assurance. Once completed, the questionnaire is verified by an authorised Certification Body to assess whether the standard has been achieved. If successful, the certification can be awarded.
- Cyber Essentials Plus takes the Cyber Essentials standard further with the addition of an external hands-on evaluation of technical controls as well as remote and on-site vulnerability testing. The purpose of these tests is to check whether the controls in place actually provide the level of expected defence against basic hacking and phishing attacks using tools that are widely available online. A more rigorous assessment, Cyber Essentials is perfectly positioned for clients facing a higher level of risk from cyber threats.
The Cyber Essentials standard covers the following technical areas:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Security update management
Whilst originally designed for SMB’s, the certification has increasingly become the minimum baseline standard required across the public sector for commercial suppliers. Evidence of holding a Cyber Essentials certificate of either level is often required before being awarded contracts with public sector organisations where the certification is an expectation. The award demonstrates that the business has met the baseline technical cyber security standards and controls proscribed by Government on its industry suppliers.
A benefit of achieving the Cyber Essentials standard is that it automatically entitles access to cyber liability insurance for the organisation if they have less than £20m annual turnover.
Organisations can start their Cyber Essentials journey with relative ease by downloading the self-assessment questionnaire directly from the IASME website. Redcentric, having recently attained Certification Body status, is now able to offer a range of new facilities to our clients supporting them through this journey to achieving the standard.
We currently offer two Cyber Essentials options, the standard self-assessment package where we will register your business on the certification portal and you undertake the assessment work yourself, Redcentric will then assess and approve certification or a Remote Support option with additional assistance provided by our assessors to help organisations achieve certification more easily. Cyber Essentials Plus is for organisations requiring greater reassurance that their existing controls can technically withstand an attack.
In all cases, if you are considering applying for this important first-step in cyber security assurance, please contact us to discuss your options and how Redcentric can support you along your journey.
