Blog
FAQ: What is Cyber Essentials?
July 2nd, 2018
Cyber Essentials is a government-backed scheme designed to help organisations of all sizes reduce their risk of common cyber-attacks. It allows businesses to obtain one of two Cyber Essentials badges and has the support of industry organisations like the Federation of Small Businesses, the CBI and numerous insurance organisations.
What are the certification levels?
There are two levels of certification available: Cyber Essentials and Cyber Essentials Plus.
What are the requirements?
In order to become certified your IT infrastructure must meet specific requirements. These are defined by five technical controls:
- Firewalls – You must configure and use a firewall to protect all devices, particularly those that connect to public or other untrusted wifi networks
- Secure Configuration – Only use necessary software, accounts and apps
- User Access Control – You must control access to your data through user accounts. Only give administrative privileges to those who require them and control what an administrator can do on those accounts
- Malware Protection – You must implement at least one measure (e.g. Anti Malware, Whitelisting, Sandboxing) to defend against malware
- Patch Management – You must keep all your devices, software and apps up to date
Companies applying will also need to test all their in-scope public-facing IPs. For most companies, this will be the block of IP addresses they get from their internet service provider, but it also includes IP addresses at all in-scope locations like data centres and cloud providers.
You can exclude IP addresses from tested if you do not have control of the security configuration of the service, for example where the address belongs to the cloud provider.
Cyber Essentials Plus also includes a technical audit of in-scope systems. This includes a representative set of workstations, mobile devices and build types in use by the organisation which an unauthorised user could access.
To determine the number of build types you must review the number of operating systems and software suites installed. For instance, if more than one browser or Office suite is used then each variant will need to be tested.
What are the benefits of Cyber Essentials?
- Protects your organisation from approximately 80% of cyber-attacks, according to the UK government.
- Demonstrates your commitment to security and data protection to customers and stakeholders.
- Boosts your reputation and increases your chance of securing new business by showing you have cyber-security measures in place.
- Cyber Essentials permits you to work with the UK government, Plus gives you the opportunity to work with the MoD.
- Lets you focus on your business objectives, knowing you are secure.
What are the requirements for Cyber Essentials certification?
- Firstly, complete a self-assessment questionnaire.
- Then, a senior company representative signs off the questionnaire.
- An external certification body then verifies the questionnaire.
- The external certification body undertakes an external vulnerability scan of Internet-facing. networks and applications to verify there are no known vulnerabilities present.
What are the requirements for Cyber Essentials Plus certification?
- Firstly, complete a self-assessment questionnaire.
- Senior company representative signs off the questionnaire.
- Then, an external certification body then verifies the questionnaire.
- The external certification body undertakes an external vulnerability scan of Internet-facing. networks and applications to verify there are no known vulnerabilities present.
- They will also test the security and anti-malware configuration of each device type/build. This is done using malicious email attachments and web-downloadable binaries, including an on-site assessment.
How to get Cyber Essentials certified
QuoStar offers a Cyber Essentials consultancy service for organisations that require additional guidance. Our service includes Gap Analysis, technical support and guidance to implement the required controls, practical advice to ensure ongoing security and guaranteed certification. Please click here for more information on our Cyber Essentials consultancy service.
13 tips for picking the right IT support provider
There are a great deal of IT support providers out there, as you may have notice. So, your company has decided it wants to outsource some, or all, of its IT function to an IT support provider. Finding the right one for your business can be complicated. Putting a business-critical function, such as […]
QuoStar launches new cloud platform for law firms
We’re excited to announce the launch of Legal Ignite – our new cloud platform, designed specifically for small to mid-sized law firms. Backed by our ten years’ of experience in cloud and our in-depth knowledge of the legal industry, Legal Ignite is designed to help law firms benefit from the security, scalability and convenience that […]
In the press: Digitising courtrooms & law firms
Digital was a key focus of the Autumn Statement this year, with a total of £1.8 billion in planned investments listed by the Chancellor at the end of November. Part of this embrace of digital included an allocation of £700 million to fully digitise the courtrooms, moving from the current paper-based system to an online […]