An introduction to Cyber Essentials
3rd February 2021
Cyber Essentials is a government-backed scheme designed to help businesses protect themselves from some of the most common online threats. Since its introduction in 2014, 30,000 businesses have been awarded the highly regarded certification.
To pass and achieve certification you must prove that you have applied five technical controls (the Five Controls of Cyber Essentials). Upon passing you can decide between two different plans on offer, Cyber Essentials and Cyber Essentials Plus.
The 5 Controls of Cyber Essentials
The 5 controls are:
- Use a firewall to secure your internet connection
- Choose the most secure settings for your devices and software
- Control who has access to your data and services
- Protect yourself from viruses and other malware
- Keep your devices and software up to date
As mentioned previously, to achieve a Cyber Essentials certification you need to apply these 5 controls in your workplace. Let us take a look at why you would go to the trouble of getting a certification.
Why is Cyber Essentials a good idea?
- It is designed to defend against some of the most common threats out there - using Cyber Essentials is estimated to protect you against roughly 80% of threats.
- Most Government contracts require Cyber Essentials to even bid for them; some consider Cyber Essentials adequate as a minimum certification, and others insist that the bidding company holds Cyber Essentials Plus, depending on the sensitivity of the data being handled.
- It will help you satisfy the security principles of GDPR and reassure you that you are complying with the regulations.
- It could be a good investment in the future. Cyber Essentials does require a small upfront cost. However, once accredited, your business could reap the benefits of £25,000 worth of cover against cyberattacks. If your turnover exceeds £20m then you are not eligible for this cover, but you can still benefit from lower insurance premiums.
- The reputational effects of having Cyber Essentials can also help you boost your customer count. Customers trusting you with their data can only be positive.
So, you now know the benefits of having the Cyber Essentials accreditation and you know you want to achieve it, but you are not sure which one you need. We will now go through some details of the two grades of certification, so you can make an informed decision based on what is best for you.
How Cyber Essentials is certified
Cyber Essentials is the minimum level of certification an organisation needs to acquire to be considered as Cyber Essentials certified.
The process for this grade of certificate is largely DIY (Do-It-Yourself) driven, with an appointed representative from the business needing to complete a detailed online application. The form asks the applicant to complete a number of statements, each linking back to the 5 key controls of Cyber Essentials. These are designed to give the accreditation body scope to understand the breadth and depth of the best-practice processes deployed within the applicant business that comply with the Cyber Essentials guidelines.
Cyber Essentials Plus
Plus is a more rigorous test of an organisation’s cyber security defences and practices. This grade of certification is a requirement in certain circumstances for Government tendered contracts, and for some within the private sector, but is also a useful benchmark to ensure your organisation is protected, especially where you have staff working from home or third-party businesses with access to your premises or IT systems.
Unlike the entry-level Cyber Essentials grade, Plus requires the accreditation body to conduct an on-site assessment and to complete technical scans of your network, to accurately evidence and prove compliance with the Cyber Essentials guidelines and expectations at the Plus grade.
How we help you to get certified
We appreciate that each business is different and a ‘one size fits all’ approach does not work when approaching technology and security, so we provide a number of options to help you swiftly get underway with your accreditation.
DIY Self Certification
If you have cyber security experience and know your way around your systems, our DIY service provides you with an easy-to-follow online application, combined with guidance notes, which you can follow to detail the cybersecurity practices within your organisation.
Upon initial submission, our expert team will provide an assessment within 48 hours, with feedback and advice to remedy any gaps in your statements prior to certification.
Within our £299 fee, you’ll achieve your certification and report – plus free Cyber Liability insurance.
Most clients prefer a little more support for their business, which we can offer via one of our supported services. These include our pre-marking of the assessment before it is submitted, to ensure your business will pass first time.
Our supported services will help to not only ensure your certification process is effortless and swift, but more importantly, see that your business is comprehensively protected against digital threats.
Beyond the DIY service, within our £599 package, you will additionally receive unlimited email and telephone support from our team to hold your hand through the process – to accurately tackle each step to acquire your certification.
A 100% successful pass rate is guaranteed.
To work through the best cybersecurity practices together more intensively, we also provide an onsite support package.
Within our £900 service, you will not only receive the online portal, email and telephone support – but be scheduled a full day’s consultancy from an expert member of our team who will work through identifying and analysing each component of the Cyber Essentials scheme, and how your business can meet those requirements.
Cyber Essentials + Governance & GDPR Readiness
Cyber Essentials covers the technical aspects of the government's standards. For organisations that would like to address their internal processes and procedures as well as some of their GDPR requirements, the IASME Governance would be the way forward.
For our £1550 package, you will receive access to the same online Cyber Essentials application process, our email & telephone support, a half-day site consultancy and access to the IASME Governance & GDPR readiness questionnaire. We’ll also provide various process and procedure templates, e.g. a security policy, which you can adjust to suit your business.
Cyber Essentials Plus
To achieve your Cyber Essentials Plus certification, we provide a tailored package of support from £1100, which includes either an onsite or remote audit, consultancy and questionnaire support; often with same-day certifications provided.
2nd Company Certificate
If you have already completed the Cyber Essentials process within an existing business, but need a second trading company (operating within the same premises, on the same IT equipment) to be certified too – our £99 DIY package will allow you to breeze through the process and quickly obtain a second certificate for your sister company, without having to work through the same process as with your first certification.
Want to get cyber secure?
Netcom are not only a certification body for the Cyber Essentials scheme, we’re IT and cybersecurity experts too! We can help your business take the steps necessary to secure itself in the digital age, while also meeting the requirements of the Cyber Essentials scheme and, in turn, ensuring you achieve and maintain your Cyber Essentials certification.
To begin the process of achieving your Cyber Essentials certification, or to seek the right support and guidance to pass your assessments with flying colours, please visit our dedicated site: https://www.getcybercertified.co.uk.
Or, if you’d like to discuss this further with a member of our team, please contact us by calling 0114 361 0062 or complete our contact form here.