Call 01202 055400 or enquire

FAQ: What is Cyber Essentials?

2 July 2018

Cyber Essentials is a government-backed scheme designed to help organisations of all sizes reduce their risk of common cyber attacks. It allows businesses to obtain one of two Cyber Essentials badges and has the support of industry organisations like the Federation of Small Businesses, the CBI and a number of insurance organisations.

What are the certification levels?

There are two levels of certification available: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials Badges

What are the requirements?

In order to become certified your IT infrastructure must meet specific requirements. These are defined by five technical controls:

  1. Firewalls – You must configure and use a firewall to protect all devices, particularly those that connect to public or other untrusted wifi networks
  2. Secure Configuration – Only use necessary software, accounts and apps
  3. User Access Control – You must control access to your data through user accounts. Only give administrative privileges to those who require them and control what an administrator can do on those accounts
  4. Malware Protection – You must implement at least one measure (e.g. Anti Malware, Whitelisting, Sandboxing) to defend against malware
  5. Patch Management – You must keep all your devices, software and apps up to date

Companies applying will also need to test all their in-scope public-facing IPs. For most companies, this will be the block of IP addresses they get from their internet service provider, but it also includes IP addresses at all in-scope locations like data centres and cloud providers.

You can exclude IP addresses from tested if you do not have control of the security configuration of the service, for example where the address belongs to the cloud provider.

Cyber Essentials Plus also includes a technical audit of in-scope systems. This includes a representative set of workstations, mobile devices and build types in use by the organisation which an unauthorised user could access.

To determine the number of build types you must review the number of operating systems and software suites installed. If more than one browser or Office suite is used then each variant will need to be tested.

What are the benefits of Cyber Essentials?

  • Implementing the five controls correctly will help protect your organisation from approximately 80% of cyber attacks, according to the UK government
  • Demonstrate your commitment to security and data protection to customers and stakeholders
  • Boost your reputation and increase your chances of securing new business by showing you have cybersecurity measures in place.
  • Cyber Essentials permits you to work with the UK government, Plus gives you the opportunity to work with the MOD
  • Focus on your core business objectives and drive efficiency knowing that you are

What are the requirements for Cyber Essentials certification?

  • Complete a self-assessment questionnaire
  • Senior company representative signs off the questionnaire
  • An external certification body then verifies the questionnaire
  • The external certification body undertakes an external vulnerability scan of Internet-facing networks and applications to verify there are no known vulnerabilities present

What are the requirements for Cyber Essentials Plus certification?

  • Complete a self-assessment questionnaire
  • Senior company representative signs off the questionnaire
  • An external certification body then verifies the questionnaire
  • The external certification body undertakes an external vulnerability scan of Internet-facing networks and applications to verify there are no known vulnerabilities present
  • They will also test the security and anti-malware configuration of each device type/build using malicious email attachments and web-downloadable binaries, including an on-site assessment

I need more guidance on the Cyber Essentials certification process

QuoStar offers a Cyber Essentials consultancy service for organisations who require additional guidance. Our service includes Gap Analysis, technical support and guidance to implement the required controls, practical advice to ensure ongoing security and guaranteed Cyber Essentials or Cyber Essentials Plus certification. Please click here for more information on our consultancy service.

Need help?

Call 01202 055400 or click here to request a call back or make an enquiry.

Click here to find out more and request information.