To protect your information from cyber-attacks, the UK government has developed a scheme called Cyber Essentials. It provides security guidelines that all business organisations should follow. It can protect organisations from more than 75% of frequent cyber-attacks. If you want to do business with the government, such as bidding for a contract, your business must be certified.
The UK government launched this scheme in 2014 to help business organisations improve their cyber-security. This level is just an initial framework of cyber-security. It states some requirements that your organisation needs to meet to get the Cyber Essentials certificate. It gives you a clear idea of how secure your business is: what level of cyber security you have and whether your system is vulnerable to any cyber-attack.
It states five technical controls that you have to implement:
- Set up a firewall
The first thing you need to do is secure your internet connection. For this, you have to set up a firewall, which will prevent unauthorised users from accessing the network. You can set up a personal firewall on your PC or a boundary firewall on the network.
- Secure configuration
You need to secure your devices and software by changing their default settings and using passwords.
- Configure user access
You need to configure user roles and permissions. This will reduce the risk of unauthorised access.
- Protect your computer from malware
You have to protect computers from viruses and malicious attacks. For this, you need to install the latest versions of anti-virus and anti-malware software and keep them up to date.
- Update devices and software
You need to install updates regularly. Software companies frequently release patches to fix bugs and security problems. Installing these patches can secure your software.
Cyber Essentials Plus
Cyber Essentials and Cyber Essentials Plus are two levels of certification. Cyber Essentials Plus has the same set of requirements as Cyber Essentials. To get the Cyber Essentials Plus certification, your business first needs to be Cyber Essentials certified.
You must get Cyber Essentials Plus certification if you are a large organisation and have given remote access to your employees.
What’s the difference?
The only difference between Cyber Essentials and Cyber Essentials Plus is that Cyber Essentials is a self-certification, whereas Cyber Essentials Plus requires a third-party assessment of the five technical controls.
At the first level, you will be asked to answer a self-assessment questionnaire, which is assessed and reviewed by an independent certifying body. You will be allowed to choose the certification body which will verify your answers.
At the second level, an external certification body will test your security practices. They will visit your organisation and carry out different tests to check for vulnerabilities. They will test your approach to virus and malware protection. If no vulnerabilities are found after the scan, you will be given the Cyber Essentials Plus certificate.
Cyber Essentials Plus certification costs more than Cyber Essentials, as more resources are used in this process.
Why do you need Cyber Essentials certification?
Getting any of these certifications could be beneficial for your business in different ways. Here is how:
- They could help you in the bidding process, because your business needs to be at least Cyber Essentials certified to bid for a tender.
- Your customers will know that you have taken serious measures to protect data. They will know that their information will be secure and won’t be misused.
- It could help you to grow your business, especially if you are an IT service provider.