In 2014 the UK government launched the Cyber Essentials scheme. It is a certification showing that a company which has qualified for Cyber Essentials meets the minimum standards required to be considered secure.
There is absolutely no doubt that cyber-attacks are on the rise, and fast. With a Cyber Essentials certification, you can rest assured that you have done all that you can to offset the risk of a cyber-attack on your business.
What is a cyber-attack?
In general terms, a cyber-attack is an assault carried out by cyber criminals, using one or more computers, against a victim's computer, group of computers or entire network. A cyber-attack can have several very serious consequences, including:
- Stolen data – often held to ransom, and only returned if a ransom is paid (often tens of thousands of pounds).
- Data breaches – stolen data is often placed online for public viewing and will only be removed once a ransom is paid (again, usually tens of thousands of pounds).
- Removal of backups – because ransomed data could otherwise simply be restored, ransomware scripts are now known to set the backup retention to 1, so that the next backup run overwrites the clean backup with encrypted data, before the ransom notice is displayed.
- Access to email accounts – usually resulting in a data breach and/or messages sent to your clients in your name, for example “our bank details have changed”.
- Loss of trust – once a client learns that you have suffered a cyber-attack, which will become obvious from breaches and/or service delays caused by downtime, they will lose trust in you.
- Stress – a cyber-attack will without doubt be very stressful for everyone involved – your business, your team, your clients and your suppliers.
How do I achieve Cyber Essentials certification?
To qualify for Cyber Essentials certification, you must ensure compliance in these five areas:
- Secure internet connection.
- Secure devices and software.
- Controlled access to your data and services.
- Protection from viruses and other malware.
- Up-to-date devices and software.
These five areas represent the minimum efforts that any organisation should undertake to keep their business and their customers safe. In fact, many companies already meet these standards, so why not make it official?
Carden IT Services can help you on your certification journey to achieve Cyber Essentials or Cyber Essentials Plus. The two certification paths require different levels of involvement from our engineering team.
What are the differences between Cyber Essentials and Cyber Essentials Plus?
A standard Cyber Essentials certification is the more straightforward exercise: your IT team completes a self-assessment of your IT environment, and the certification body evaluates your answers and passes or fails you on that basis. The cost of the certificate itself is £350 + VAT, plus the time required by your IT team to complete the forms. The process relies on trust that the answers supplied are correct and accurate.
Cyber Essentials Plus, on the other hand, is much stricter: the certification body physically tests and audits the IT system against the answers provided. Because of this, costs are considerably higher, starting at a £1500 + VAT fee from the certification body, plus any IT team costs involved.
As you can imagine, Cyber Essentials Plus carries a lot more weight than standard Cyber Essentials.
Why should I be Cyber Essentials certified?
Cyber Essentials is a great way to know that you have carried out all that you can to offset or prevent any type of cyber-attack on your business, and to be confident that you have the right software and processes in place.
Furthermore, displaying the Cyber Essentials logo on your website or marketing materials is a great way to stand out from the competition and lets new and existing customers know that your organisation takes the security of their data seriously.
When tendering for a contract, many potential customers will be aware of Cyber Essentials and will notice if you do not have a logo on your materials, especially if your competition does.
Insurers have indicated that Cyber Essentials compliance is a factor they account for when considering insurance premiums for events like data breaches and ransomware attacks.
More and more industry bodies are making Cyber Essentials compliance a key part of their requirements. For example, law firms that wish to obtain Lexcel accreditation are now also required to hold Cyber Essentials certification. Cyber Essentials is also a requirement for any organisation that wishes to undertake a government contract that involves handling sensitive data about the general public.
How do I apply?
Carden IT Services can assist you in the process of complying with these five areas of control and, once you are compliant, we can approve your application for Cyber Essentials.
We are excited to be able to offer Cyber Essentials compliance as a service to both new and existing clients. Get in touch to find out more.