The Department for Business, Innovation and Skills (BIS) officially launched the new Cyber Essentials scheme on 5th June, 2014. The two-part scheme is based on The 10 Steps to Cyber Security, a guide developed to help businesses implement a baseline of cyber hygiene. However, as the government realised that the 10 Steps were not being implemented effectively, the Cyber Essentials certification was developed.
The first of the scheme’s two parts provides a set of five controls, the implementation of which can provide basic cyber security and a significant reduction in an organisation’s vulnerability. Self-assessments alongside external verification against the five criteria can result in certification to demonstrate an organisation’s compliance.
The five key controls are:
- Boundary firewalls and internet gateways – This ensures no unauthorised access is allowed in or out of private networks.
- Secure configuration – Ensuring all systems are configured correctly and appropriately
- Access control – Only authorised persons have access to the systems they need, at the appropriate level
- Malware protection – Ensuring virus and malware protection is installed and updated
- Patch management – Ensuring the applications are updated with the latest versions and all patches supplied by the vendor have been applied.
The second part of the scheme, Cyber Essentials Plus, offers higher assurance but requires more external assessments, in the form of penetration testing, to analyse the organisation’s cyber resilience.
Benefits of the Cyber Essentials certification include:
- Licence to tender for contracts that specify that companies must be Cyber Essentials certified
- Improved reputation and customer trust
- Reduced Cyber Risk Insurance premiums
How do I get a Cyber Essentials badge for my company?
To find out more about Cyber Essentials certification, contact us today.