Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They're the digital equivalent of a thief trying your front door to see if it's unlocked.
Sec-Ops is a CREST certification body offering both Cyber Essentials, and Cyber Essential PLUS certifications.
Cyber Essentials is the entry-level certification, consisting of a self-assessed questionnaire and an external vulnerability scan of your internet facing infrastructure.
Cyber Essentials PLUS is recommended for business that want to display a higher level of security assurance. The test involves all the same elements as Cyber Essentials, however, there are additional, more comprehensive internal tests that will generally require an assessor to come to your offices.
The Cyber Essentials scheme covers five key control areas that will undergo assessment:
This control seeks to find out how you protect your perimeter, i.e. how you control whom or what can communicate with the internet.
This control looks to see how you have restricted access to fundamental and potentially damaging services or information on your computers or devices.
This section seeks to find out how you have set up your user accounts and permissions, the key here is to not to give your users too much freedom. Hackers can leverage this freedom against your organisation by gaining complete control.
Quite simply, how have you protected your systems against the threat of malware.
This control looks to find out if you have maintained your systems and applications, by applying current vender updates and security patches. Often attackers will use widely known and publicised vulnerabilities in software and operating systems to exploit flaws and gain access.
The adoption of standards and certification for cyber-security can enable your organisation, and all stakeholders, to have greater confidence in your ability to measure and reduce basic cyber risks, as it demonstrates that you have been independently assessed.
If you are involved in any government procurement process then you are likely to need Cyber Essentials as a minimum, you can find out more on this here. However, if you are not, this scheme and Cyber Essentials PLUS can help prevent attacks on your IT systems from outside or inside your company and could give your stakeholders peace of mind.