Is Cyber Essentials actually Essential?

Is Cyber Essentials actually essential?

Cyber security is a topic that’s discussed around every board table. It’s an increasingly prevalent threat that we can’t ignore. Tackling this threat and keeping your business safe requires robust security measures. It demands dedication to constant learning, time, and money. One of the key ways SMBs can demonstrate that they’re taking cyber security seriously and are putting the effort in to protect their business and their customers, is through Cyber Essentials.

What is Cyber Essentials?

Cyber Essentials is a government-backed and industry-supported scheme to help businesses protect themselves against cyberthreats. The National Cyber Security Centre recommends it as the minimum standard of cyber security for all organisations – and we absolutely agree. It’s suitable for organisations of all sizes, types and across all sectors.

The scheme was launched in 2014 and since then it’s become recognised as a business standard. Now, 92% fewer insurance claims are made by businesses and organisations with the Cyber Essentials controls in place.

What’s involved?

Cyber Essentials ensures that your organisation has 5 key controls in place. They are:

Secure Configuration

Set up computers securely to minimise ways that a cyber criminal can get in

Patch management

Prevent cyber criminals using vulnerabilities they find in software as an access point to your systems

User access control

Control who can access your data and services and what level of access they have

Firewalls

Create a security filter between the internet and your network

Malware protection

Identify and immobilise viruses or other malicious software before it has a chance to cause harm

Benefits of Cyber Essentials for SMEs

Protection Against Common Threats

The National Cyber Security Centre states that most cyber attacks are basic – the digital equivalent of a thief trying your front door to see if it’s unlocked. Cyber Essentials helps you bolt your door against the most common cyber attacks.

Customer Trust

Cyber Essentials isn’t just about protecting your business. It’s also about protecting our customers’ businesses by handling their data with care. Having a Cyber Essentials certificate demonstrates to your prospects and customers that you are committed to keeping their data safe, helping to build trusting partnerships.

Compliance

Cyber Essentials makes demonstrating your compliance with GDPR for example straightforward. Further to this, heavily regulated industries can lean on their cyber security setup they’ve achieved through their Cyber Essentials certification, to demonstrate compliance. Regulations often overlap, so achieving Cyber Essentials gives you a good step in the right direction for meeting the requirements of other regulations.

Cyber Essentials vs Cyber Essentials Plus

There are two levels of certification available. Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials: A basic level of certification which is awarded on the basis of a completed self assessment which is then independently verified.

Cyber Essentials Plus: This is available once you’ve passed the basic Cyber Essentials. It’s a higher level of assurance which involves a technical audit of your key controls by an external Cyber Security assessor. In this way, it gives more assurance that you are complying with the scheme and have a robust security set up.

Why Cyber Essentials Plus is better for SMEs

Think of Cyber Essentials and Cyber Essentials Plus in this way: for Cyber Essentials, you’re marking your own homework and your teacher checks it; for Cyber Essentials Plus you’ve passed an exam that’s verified by an external exam board. The external assessment adds an additional layer of verification, meaning the certificate is more highly valued. It demonstrates a greater commitment to cyber security and, as it’s more difficult to achieve, gives you a competitive advantage.

So is Cyber Essentials actually essential?

Yes! Cyber Essentials and Cyber Essentials Plus are exactly that – essential. Achieving these gives you a strong cyber security foundation and demonstrates to your customers that you take cyber security seriously. We recommend Cyber Essentials Plus because it is independently verified by an external Cyber Essentials Assessor so offers great value. If you’d like to learn more about Cyber Essentials and Cyber Essentials Plus, or discuss the ways in which we can help you on your cyber security journey, please get in touch.