Logicle IT


Cyber Essentials - What You Need To Know

Implementing the Cyber Essentials scheme can significantly enhance your company's online visibility and credibility by demonstrating proactive measures to safeguard sensitive data and protect against cyber threats, reassuring potential clients and stakeholders of your commitment to cybersecurity best practices.

Being Cyber Essentials certified ourselves, Logicle IT can guide you in the right direction to become more secure and gain your certification.


What is the Cyber Essentials Scheme?

The Cyber Essentials Scheme is a government-backed scheme that aims to protect your business against the most common cyber-attacks. It ensures you have the proper technical controls, policies, and procedures to remain secure.

There are 2 options available with Cyber Essentials certification:

  • The basic Cyber Essentials certification is a self-assessment option where you provide all the information about your estate to an approved assessor.

  • Cyber Essentials Plus certification requires a hands-on technical verification by an approved assessor to ensure compliance.

Cyber Essentials certification lasts 1 year from the date on the certificate and requires recertification each year to remain compliant.

 

Why should I consider it?

One of the fastest-growing threats to any business is a cyber attack, which can be severely damaging. The Cyber Essentials Scheme ensures that your business follows the best security practices to secure you and your company. Depending on the size of your business, you may also be eligible for free Cyber Liability insurance.

Cyber Essentials is also becoming a common requirement for project-driven work, especially where collaboration is essential or suppliers are bidding for government contracts, particularly those that handle sensitive or personal information.

 

What does Cyber Essentials Assessment Cover?

The Cyber Essentials Scheme covers 5 controls, which together form the basics of an adequately secure infrastructure.

1. Firewalls

Firewall controls are designed to prevent unauthorised access to or from your private network; they are separate from your antivirus software, which helps against malware. An effective firewall, either hardware or software, must protect all devices that connect to the internet.

2. Secure Configurations

Ensuring your hardware and software use secure configurations helps reduce the vulnerabilities your network is exposed to.

3. User Access Control

Keeping access to your data and services to the minimum necessary is vital. Managing user accounts so that they follow secure configuration best practice and have limited privileges allows for a more secure and auditable process. However, this often means trading some convenience for security.

4. Malware Protection

Protecting against malware (which includes viruses, worms, spyware, ransomware, etc.) is vital to any business. Ensuring your endpoints have a valid and up-to-date malware protection solution helps secure your business.

5. Patch Management

All hardware and software are prone to vulnerabilities which cyber criminals can exploit. This section ensures your devices are running supported operating systems and are up to date, so that known vulnerabilities are patched. It also looks at the software you use, to ensure that it is kept up to date and that any weaknesses found are resolved.

 

What is in the scope of Cyber Essentials?

This is a continually updated certification so the scope may change each year. The Cyber Essentials 3.0 January 2022 edition ensures that your business network, personal devices, and cloud services are secure; any personal device must comply with the same security measures as the rest of your business. The diagram below, found in the NCSC requirements document, shows the scope boundary. Any device or service inside the border must be included when applying for Cyber Essentials certification.


Although we are not a Cyber Essentials-approved assessor, our IT professionals can help evaluate your network and advise on what is required to attain Cyber Essentials certification and how to remain compliant. We can also assist with any support you need when completing your self-assessment application. Get in touch!