Originally launched in 2014 and developed in collaboration with the government and NCSC (the National Cyber Security Centre), the yearly renewable Cyber Essentials certification was brought in to ensure that UK businesses had the minimum (essential) set of cyber security standards in place.
With the number of cyber-attacks in 2022 highest among medium businesses (65%), large businesses (64%) and high-income charities (51%), and the average cyber-attack costing businesses £8,460, it pays to invest in your cyber security. In 2022, four in ten businesses (39%) reported cyber security breaches or attacks, so in truth it’s only a matter of time until your business is targeted.
One common misconception about Cyber Essentials is that once a business has gained the certification, it will be protected from cyber-crime, data loss, phishing, and other cyber-attacks. In truth, the recommended set of cyber security measures that form Cyber Essentials is simply the very first step businesses should take towards effective cyber security. Cyber Essentials is the foundation every business should have in place, with all other cyber security measures being built upon it.
That said, gaining Cyber Essentials is key, as it helps not only with your cyber security measures, but with your business compliance obligations and GDPR. Gaining a certification will also set you head and shoulders above any competitors who haven’t yet invested in attaining Cyber Essentials, and you’ll benefit from a reduction in your insurance costs. Once certified, you can display your Cyber Essentials Certificate of Assurance in the office, you will be searchable on the Cyber Essentials list of certified companies, and you can use the official Cyber Essentials logos on your website and any collateral.
Cyber criminals are most successful when they test for weaknesses in the cyber defences of a business target. Their crimes are mainly opportunistic rather than targeted, so by undertaking Cyber Essentials and ensuring effective cyber hygiene and practices are in place, you’ll deliver improved cyber protection to your business.
To gain Cyber Essentials you’ll need to look at how vulnerable your tech setup is and investigate the cyber protection that you have in place in 5 specific areas. These areas are:
Boundary firewalls and Internet gateways
These need to be set up securely to protect from unauthorised access to or from private networks. This includes having hard-to-guess administrative passwords, removing unnecessary firewall rules and installing firewall software on devices for protection against untrusted networks.
Secure configuration
Web and application services, computers and network devices need to be effectively and securely configured, with unnecessary user accounts and software removed or disabled, default passwords changed, and secure unlocking controls that rely on passwords, biometric data or a PIN.
User access control
Access to your devices, networks, programmes, apps and servers must be managed. Administrator and user access must be effectively managed, with access to your data and services kept to a minimum. When access is needed, multi-factor authentication is a must to ensure additional protection, with specific accounts granted access for administrative activities.
Malware protection
Defending your data and systems from malicious software is key. By having protection in place from viruses, spyware, ransomware and botnet software, your defences are strengthened. Making sure that every business device has malware protection, which is kept up to date, is key to ensuring your company is protected against malicious files and websites.
Patch management
Timely, regular patch management is key. All software and devices can have vulnerabilities which, if left unpatched, can be exploited. Enabling automatic updates and removing unnecessary software can help guard your company’s data from cyber-attacks.
The team at Method IT are an official Cyber Essentials Certification body and can help to ensure that all 5 areas are effective and meet the criteria of the Cyber Essentials scheme. There are, in fact, two Cyber Essentials certifications: Cyber Essentials and Cyber Essentials Plus. Cyber Essentials Plus is the same certification but with an additional external audit, providing external confirmation of adherence. We can help you decide which certification would be best for your business.
Should you choose Method IT as your Cyber Essentials certification partner, our experts will be on hand, ensuring that you have everything in place to attain the certification best suited to your business needs. If you’d like to know more, talk to one of our Cyber Essentials experts or arrange a meeting, please get in touch.
If you’d like to understand more, we’ve created a free Cyber Essentials resource to help you learn more about the scheme, and which Cyber Essentials certification you would want to complete. You can download our free resource here: