Cyber Essentials background
Organisations have always been at risk from criminal activity. Protecting against physical break-ins was once the priority, but there is now a greater risk from cyber criminals who search for easy targets to commit fraud and steal.
If you have internet access, you are a target for online fraud and theft. Help to reduce this risk is available in the form of Cyber Essentials, a scheme promoted by the UK Government to make it easier to check you have basic protection. In summary, Cyber Essentials helps to identify and guard against the most common cyber threats and demonstrate a commitment to cyber security.
Cyber Essentials requires organisations to confirm five technical controls are in place:
- Boundary firewalls
- Secure configuration
- Access control
- Malware protection
- Patch management
Cyber Essentials is an independently verified self-assessment: organisations assess themselves against five basic security controls, and a qualified assessor verifies the information provided. These controls cover firewalls, secure configuration, access controls, malware and patch management. Achieving certification demonstrates that these essential protections and controls are in place.
Self Assessment + remote support
- Includes self assessment fee
- Introduction call
- Same day response
- 3 hours remote support from a qualified security expert
- Pre-assessment review
Self Assessment + onsite support
- Includes self assessment fee
- Introduction call
- Scheduled day visit
- 1 day onsite support from a qualified security expert
- Full pre-assessment review
Managed Security Pathway
- Includes self assessment fees
- Quarterly review calls
- 2 scheduled visits
- Scheduled support from a qualified security expert
- Fully managed assessment
- Security actions framework
- Continuous certification objective
Why get certified to Cyber Essentials?
The Cyber Essentials standard offers a sound foundation of basic measures that any organisation can implement, and we agree that implementing these controls will significantly reduce vulnerability and provide cost-effective cyber security for an organisation of any size.
If a company is subject to a cyber attack and we find they haven’t taken steps to protect people’s personal information in line with the law, they could face a fine – ICO enforcement manager
Failing to protect your organisation can be costly in other ways. Following a cyber attack, an investigation by the Information Commissioner’s Office found a Berkshire-based firm had failed to take basic steps to protect its website, which resulted in a fine of £60 000.
Cyber Essentials certification will help to avoid suffering an attack and being penalised for a lack of action. It is also worth noting that the new General Data Protection Regulation (GDPR) comes into force in May 2018 and will raise the profile of security and data protection.
GDPR will be the most significant change in data privacy and security regulation in 20 years, and is intended to strengthen data protection for all individuals within the European Union.
Perhaps the most critical element of GDPR is the breach notification, which mandates that the ICO must be informed within 72 hours of any data loss and users informed “as soon as possible”.
Unsurprisingly, the Cyber Essentials scheme offers a big step towards being compliant with GDPR, and we can help to put the technical controls in place and achieve certification.
Cyber Essentials certification process
We will work with you to ensure the correct processes are in place for each of the five technical controls to help you to certify to the Cyber Essentials standard, and this includes:
- Preventing unauthorised access using boundary firewalls
- Setting up systems using secure configurations
- Restricting access to those who need it with user access control
- Protecting against malware using anti-virus software
- Creating processes for patch management
We will work through a pre-assessment questionnaire and create a gap analysis to baseline your current situation and propose a plan to rectify any issues. Any remedial work can be undertaken by your own team or by a Sytec expert.