What is the Cyber Essentials Scheme?

The Cyber Essentials Scheme helps to guard your organisation and its supply chain from the most common types of cyber threats. Not only does the scheme help to protect your business, but it demonstrates your commitment to cyber security. 

What is the Cyber Essentials scheme?

The Cyber Essentials scheme is a government-backed, industry supported scheme that helps businesses to protect themselves against the increased threat of cyber attacks. It provides clear advice on the basic controls organisations should have in place to protect themselves. 

The scheme, which was developed and operated by National Cyber Security Centre (NCSC), was introduced to provide a safe internet space for organisations of all sizes, across a variety of all sectors. 

What does Cyber Essentials cover?

There are five key areas which are covered by the Cyber Essentials scheme:

• Firewalls and routers – Creating a barrier between your IT network and other networks to check if incoming traffic should be allowed on your network.
  
• Software updates – Protect against potential vulnerabilities by keeping your devices up to date.
  
• Malware protection – Protect against viruses and other malware by using correctly configured anti-malware software.
  
• Access control – Manage access to administrator accounts to control who has access to your services and data.
  
• Secure configuration – Choose the most secure settings for your device by changing passwords and removing unused accounts.

Why become Cyber Essentials certified?

Becoming Cyber Essentials certified signifies that your organisation takes a proactive approach against cyber attacks and the threat of such. It also demonstrates to your customers, investors and insurers that you have taken the minimum and necessary steps to protect your organisation against cyber threats. 
The NCSC states that undertaking the Cyber Essentials certification process can protect businesses from around 80% of attacks, even if just one of the five controls is used.

How to get Cyber Essentials certified

Becoming Cyber Essentials certified is an incredibly easy process. All you need to do is follow the steps below:

1. Purchase the Cyber Essentials Basic. This will cost you £300+ VAT.
   
2. Complete the self assessment questionnaire. Once you’ve purchased the Essentials Basic, you should then move on to completing the self assessment questionnaire and submit it on the IASME portal. The logins for this will be sent via email and password logins will be sent via SMS post-purchase.
   
3. Wait for the PDF Certification to arrive. Once you have submitted the questionnaire, if successful, you will receive your PDF certification. 

You will also have the option to choose the Cyber Essentials Plus, which includes a technical audit of the systems that are in the scope for Cyber Essentials. The Plus consists of an external vulnerability assessment, an internal scan, mobile screenshots and user testing. 

The benefits of becoming Cyber Essential certified

There are many benefits that come with being Cyber Essential certified, and listed below are just a few examples. 

• Be listed on the NCSC’s database – One of the biggest benefits of becoming Cyber Essential certified is that your organisation will be listed on the NCSC’s website and database, showing suppliers your commitment to protecting your clients and organisations data.
  
• Work with the UK government and Ministry of Defence (MOD) – Cyber Essentials allows you to work with the UK Government and Cyber Essentials Plus will allow you to work with the MOD.
  
• Win new business – Becoming Cyber Essential certified will help to boost your reputation and attract new business opportunities by assuring your customers that you take cyber security seriously.
  
• Demonstrate supply chain security – Obtaining a Cyber Essential certification will help to demonstrate your commitment to data protection and cyber security.
  
• Prevent around 80% of attacks – By correctly implementing the basic areas covered by the Cyber Essentials scheme, you can reduce the impact of threats such as phishing attacks, malware, ransomware, password-guessing attacks and network attacks. 

Why Cyber Essentials is important for businesses

No matter what size your business is, you are likely to be open to possible risks of cyber attacks. The impact of cyber security breaches can be felt down the whole supply chain of a business, which is why organisations need to ensure they are not the weakest link in the supply chain.
By evaluating their threat profile and implementing strategies, Cyber Essentials helps organisations mitigate the risks of the most common cyber attacks by providing a strong base for businesses to work with.