What are Cyber Essentials ? It’s a government backed scheme which was launched on the 5th of June 2014. Cyber Essentials will help protect your business from:
- Phishing Attacks
- Malware
- Ransomware
- Password Guessing
- Network Attacks
We are now offering this service to businesses of all sizes. So if your business only has a couple of laptops or a plethora of pcs across many offices. You can still benefit from cyber essentials.
So why does your Business need Cyber Essentials
CCCit understands that time is money, however we also understand the importance of keeping your network as secure as possible. Below we have highlighted just a few benefits of Cyber Essentials, and why you should take it seriously.
- You take cyber protection seriously. It demonstrates to your potential customers and current customers that you are committed to cyber security. It’s important to understand that if your business suffers a serious cyber attack, It will lead to lost customers.
- Opens doors to potential new business. If you’re thinking of working with a government organisation, a local council, or other public sectors you will need to have a Cyber Essentials Plus Certificate to even be considered.
- Peace of mind. You can relax, knowing that your network is secure and that your business will not fall victim to a basic cyber attack.
Cyber Essentials Vs Cyber Essentials Plus
Cyber Essentials comes in two packages, depending on what your company needs.
- Package : Cyber Essentials Self Assessment This is a self assessment questionnaire, which will need to be completed by you and your IT department. The questionnaire will then be sent to a Cyber Essential Assessor. If the answers you provide are compliant with Cyber Essentials, then your business will be issued a Cyber Essential Certificate.
- Package : Cyber Essentials Plus Also includes a self assessment, however, you will also have a Cyber Essentials Assessor come to your office and test your network. The Assessor will also provide an independent assessment of your IT systems.
Cyber Essentials / 5 Controls
Cyber Essentials checks 5 controls your business will be checked against in order to achieve certification.
- Control 1 : Firewall and Internet Gateway, will test that you have a robust firewall protecting your business and that it has been configured correctly. If you’re working from home, then the home routers will be tested under the Cyber Essentials Framework.
- Control 2 : Secure Configuration, will test your servers, laptops, computers and mobile phones. When computers are first installed, they will most likely contain pre-installed software. If this software is not removed, it can become a security risk for you and your business. Another example would be old software that has been installed but is no longer in use, it happens to many businesses and these could also become a security risk. Finally Cyber Essentials will also be looking at the quality of your passwords. Ensuring that each unique user has a unique password to access the computer systems.
- Control 3 : Patching and Updates, this will test the software/operating systems on your computer, for example is anyone still using Windows 8? As this will be an automatic fail. Even if you’re using Windows 10/11, the assessor will ensure that it is correctly updated with the latest patches (supported patches only, unsupported patches will also be an automatic fail). Security patches will also be investigated, is your server up to date? This is a common problem in the industry today, because many systems haven’t been updated in several months, these should be installed within 14 days.
- Control 4 : Access Control, Cyber essentials will test whether users have the correct access control. Full control should only be given to IT professionals, with standard admin control given to your day to day task/ employees. The issue arises when everyone has full access, because if you get hacked it will mean that the hacker will have full access to your network, and they can cause damage. In addition, Cyber essentials will look at your new starter and leaver processes. It’s common for ex-employees that have left the business weeks or even months ago to still have accounts. Hypothetically these people still have access to your IT systems.
- Control 5 : Malware Protection, What is malware? Malware is created by hackers to exploit your date, and it is intended to steal or damage your company. This is why Security Essentials will look at your company’s anti-malware protection, to ensure it is correctly configured.
What’s Next ?
If you’re a business owner, and are looking for that peace of mind, let us help you. We are one of Bristol’s leading providers of IT services and Support.
To help you on your journey the Government has also created a Cyber Essentials readiness toolkit. This questionnaire will help create a personal action plan for you and your business. And will help meet the Cyber Essentials requirements.
CCCit offers a wide range of services from Data Backup to Recovery Plans. Take a look at our services page or contact us now to get advice and a free, no-obligation assessment from one of our experts.
Call us today on 0117 370 0050.