Cyber Essentials was introduced in 2014. It is a government-backed scheme designed to help businesses protect themselves from the most common cyber threats. The scheme uses ‘five technical controls’ that, if implemented and maintained correctly, will see you gain the Cyber Essentials certification and show your customers that you take cyber security seriously. There are two levels of the certification, which are as follows:
Why would I want the accreditation?
It is an understandable question: if you have never been the victim of a cyber-attack, certification can seem pointless. But in the modern world of technology, cyber-attacks are getting more common by the day, and the likelihood of a cyber threat is no longer a matter of ‘if’ but ‘when’. The accreditation will provide a firm foundation for your cyber defences. It is designed to defend your systems against the most common cyber threats rather than to make your network impossible to breach (which cannot be achieved with technology ever evolving). The implementation of Cyber Essentials – and the correct upkeep and maintenance of the five key controls – is estimated to provide protection against roughly eighty percent of all cyber threats. That is a very high number, and more than enough to act as a very strong foundation for your cyber security.
Certain government contracts now require bidding companies to hold the Cyber Essentials Accreditation. Some contracts require Cyber Essentials as the minimum certification, and many require a bidding company to hold Cyber Essentials Plus for contracts involving the handling of more sensitive data. This means that not having it leaves you already a step behind your competition. You are also taking yourself completely out of the running for the potentially very lucrative contracts that many businesses are keen to obtain.
GDPR’s security principle states that personal data should be ‘Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’. As Cyber Essentials requires you to apply the five key controls we touched on briefly earlier, it will also help you satisfy the security principles of GDPR and prove that you are committed to handling personal data safely.
You will have to make a small investment to become certified, but the long-term financial benefits can be immense – and not just due to the contracts we mentioned earlier. Once you achieve certification, your organisation can enjoy ‘Cyber liability insurance’, which consists of £25,000 worth of cover against cyber-attacks. If your business is large enough to exceed a £20m annual turnover, then you won’t be eligible for this, but it is likely that you will benefit from lower insurance premiums.
Cyber-attacks cost money. Cyber Essentials will lower the likelihood of one causing problems such as downtime, and it gives you the chance to boost the reputation of your business and, in turn, the revenue it brings in from the new customers it attracts. There are many benefits which can be enjoyed at a ridiculously low yearly fee, making it a no-brainer for many.
So, what are the five technical controls I must implement?
Let’s take a brief look at the five key controls that make up the accreditation.
As we mentioned earlier, Cyber Essentials requires the practical application of the five technical measures, known as the ‘five controls.’ These measures are not optional; all businesses which undergo assessment are required to implement them without exception.
The five controls are:
In the next blog in the series we will explore the five controls in depth and what you need to do to ensure you are compliant with Cyber Essentials and are guaranteed to achieve the certification.
Implementing the correct security measures for the technical landscape of your organisation has the power to revolutionise the way your organisation works. We can implement and maintain your security measures and look for better ways to defend your system. Our success can be attributed to one thing: TRUST. Ever since our very first year in business, our clients have been happy to recommend us to other businesses, and we have grown steadily as a result of these recommendations. We can help you to truly get the most from your IT in the most secure way possible. Don’t hesitate – contact us now!
Book a no-obligation discovery call with a member of our team today by calling 0207 993 9035 or emailing firstname.lastname@example.org