Cyber Essentials helps you to guard your organisation against cyber attack.
including the most common cyber threats and demonstrate your commitment to cyber security. Here at the South West Cyber Resilience Centre we are big fans of Cyber Essentials. I will focus on how we achieved CE at the SWCRC in this article hoping it will help you too.
Cyber Essentials is an effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
The vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.
There are two levels of certification:
Cyber Essentials
This is self-assessed and gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to basic attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.
Certification gives you peace of mind that your defenses will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.
Cyber Essentials shows you how to address those basics and prevent the most common attacks.
Cyber Essentials Plus
Cyber Essentials Plus still has the Cyb
er Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out.
The benefits of Cyber Essentials
Reassure customers that you are working to secure your IT against cyber attack
Attract new business with the promise you have cyber security measures in place
You have a clear picture of your organisation's cyber security level
Some Government contracts require Cyber Essentials certification
If you intend to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services
The IASME consortium can help you to get certified. There is also the Cyber Essentials readiness toolkit. Your responses to the questions in the toolkit help to create a personal action plan to help you move towards meeting the Cyber Essentials requirements. The action plan includes links to specific guidance on how to meet the requirements.
Initially we used one of our Trusted Partners C3iA Solutions Limited based in Poole in Dorset to enroll us in the program. This generated a portal through which we could go through the questions that form the assessment. You can do this at your own leisure and as many times as you need to. This allows you to research your systems, the machines you use and examine how relevant your IT policies are.
The questions we struggled to answer we spoke to our Managed Service Provider Modus (Scotland) Ltd and together we completed the assessment. This whole process took no more than four hours in total. Our initial submission was unsuccessful but with feedback from IASME and more detail added the second submission was successful and we now proudly display our IASME CE Certification.
Overall this was a really positive experience and we are reassured that we are doing as much as we can to safeguard our own systems and most importantly the data our members entrust us with.
To find out more about our free membership, please go to our website here.