In 2014 the UK government launched the Cyber Essentials scheme. This is a certification which asserts that companies who have qualified for Cyber Essentials are meeting the minimum required standards to be considered cyber secure.
There is absolutely no doubt that the number and frequency of cyber-attacks is on the rise, and fast. With a Cyber Essentials certification, you can rest assured that you have completed all the recommended steps to offset the risk of a cyber-attack on your business.
What is a cyber-attack?
A cyber-attack is defined in general terms as an assault performed by cyber criminals using a computer (or computers) against a victim’s computer, computers, or an entire network of computers. A cyber-attack can have several very serious consequences for an individual user and even more serious consequences for a business, including:
- Stolen data – often held to ransom, with the attacker promising to only return the data when a ransom is paid (which is often tens of thousands of pounds).
- Data breaches – stolen data is often placed online for anyone to see; this can leave you open to further cyber-attacks by other criminals using that data.
- Removal of backups – because ransomed data can be restored from a backup, newer ransomware scripts have been known to change your system’s backup retention to 1, so that the next backup run overwrites the clean backups with the newly encrypted data.
- Access to email accounts – usually resulting in either a data breach, and/or an interaction with your clients, for example sending out “our bank details have changed” phishing emails to trick customers into mistakenly forwarding funds to the attacker.
- Loss of trust – once a client knows you have been cyber-attacked, which will become obvious from breaches and/or delays in service caused by downtime, they will quickly lose trust in you. Even minor breaches can have a major impact on your reputation.
- Stress – a cyber-attack will without doubt be very stressful for everyone involved – your business, your team, your clients, and your suppliers. It can subsequently damage both internal morale and external confidence in your business.
How do I achieve Cyber Essentials certification?
To qualify for Cyber Essentials certification, you must ensure your organisation’s compliance in these five areas:
- Secure internet connection.
- Secure devices and software.
- Controlled access to your data and services.
- Protection from viruses and other malware.
- Your devices and software are up to date.
These five areas represent the minimum efforts that any organisation should undertake to keep their business and their customers safe. In fact, many companies already meet these standards, so why not make it official?
Carden IT Services can help you on your certification journey to achieve Cyber Essentials or Cyber Essentials Plus. The two certification paths require different levels of involvement from our engineering team.
What are the differences between Cyber Essentials and Cyber Essentials Plus?
A standard Cyber Essentials certification is a more straightforward exercise, where your IT team is required to complete a physical self-assessment of your IT environment, and the certification body will evaluate your answers and pass or fail you based on the answers given. The cost of the certificate itself is £350 + VAT, plus the time required by your IT team to complete the paperwork and carry out the physical inspections. Trust from all parties is required that the answers supplied are accurate.
On the other hand, Cyber Essentials Plus is a lot stricter, and involves the certification body physically testing and auditing the IT system, as well as the answers provided. Because of this, the costs involved are a lot higher, starting with a £1500 + VAT fee from the certification body, in addition to any IT team costs involved.
As you can imagine, a Cyber Essentials Plus certificate holds a lot more weight than a standard Cyber Essentials certificate.
Why should I be Cyber Essentials certified?
Having a Cyber Essentials certificate is a great way to know (and prove) that you have carried out all that you can to offset or prevent any type of cyber-attack on your business and be confident that you have the correct, up-to-date software, hardware, and processes in place.
Furthermore, having the Cyber Essentials logo on your website or marketing materials is a great way to stand out from the competition and lets new and existing customers know that your organisation takes the security of their data seriously. As Cyber Essentials certification becomes more prevalent, many potential customers will notice if you do not have the Cyber Essentials logo on your materials, especially if your competition does.
Insurers have indicated that Cyber Essentials compliance is a factor they account for when considering insurance premiums for events like data breaches and ransomware attacks.
More and more industry bodies are making Cyber Essentials compliance a key part of their requirements. For example, law firms that wish to obtain Lexcel accreditation must now first hold Cyber Essentials certification. Cyber Essentials is also a requirement for any organisation that wishes to undertake a government contract in which it handles sensitive data about the public.
How do I apply?
Carden IT Services can assist you in the process of complying with these five areas of control and once you are compliant, we can approve your application for Cyber Essentials.
We are excited to be able to offer Cyber Essentials compliance as a service to both new and existing clients. Get in touch today to find out more.