Cyber Essentials

The Cyber Essentials scheme is designed to help organisations of all sizes demonstrate their commitment to cyber security, while keeping the approach simple and the costs low.

Here’s how we can help.

Good Cyber Security is Good Business

The Cyber Essentials scheme is a UK government-backed framework supported by the NCSC (National Cyber Security Centre).

It sets out five basic security controls that can protect organisations against 80% of common cyber-attacks.

 

The certification process is managed by the IASME Consortium (IASME), which licenses certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.

The Computer Centre - Cyber Essentials

Why Do You Need Cyber Essentials?    

With the implementation of General Data Protection Regulations, the liability for data breaches falls upon the business owner.

A key part of GDPR compliance is to practice good cyber security.

Cyber Essentials provides organizations with clear guidance on what good cyber security looks like. As well as offering independent certification for those who want it, it acts as a significant selling point for businesses.

Upon certification, they can then demonstrate to their customers that their data is adequately protected and that they take cyber security seriously.

Businesses who wish to provide goods and services to the public sector will need the Cyber Essentials accreditation.

What’s involved?

There are five key controls used under the scheme:

Secure configuration

This control requires you to have sound policies in place, together with well-defined processes to maintain your security. It recognises the fact that security is an on-going exercise.

Boundary firewalls and Internet gateways

You must protect your internal network against attacks from the Internet.

Access controls and admin privilege management

It’s important that you prevent accidental and intentional damage caused by current or former employees.

Patch management

Attackers constantly identify and exploit software vulnerabilities. It’s critical that you apply hotfixes and patches to address these vulnerabilities.

Malware protection

Most people are familiar with anti-spam and anti-virus protection, but user awareness training for employees will also fall under this control.

Achieving Cyber Essentials

Self-assessment is possible, and the questions can be downloaded for free. However, the questions are quite technical and not always easy to answer, and some organisations will not be able to achieve Cyber Essentials without additional investment in hardware and software.

So for business owners who want to ensure they’re fully compliant in terms of hardware, software and knowledge, we can help with a fully-supported three-step process:

Stage 1 – Initial Gap Analysis

We provide a full, on-site, initial gap analysis against the Cyber Essentials framework. We work with you through the entire standard, explaining exactly what is required in each area and identify any gaps in your existing processes, procedures or technologies.

The cost includes an external vulnerability scan for up to 25 IP addresses.

At the end of the audit, we’ll produce a fully costed Action Plan for achievement of the standard.

Stage 2 – Implementation

The majority of changes required are likely to be system administration or minor alterations.

If you are a supported customer of The Computer Centre there would be very little cost to this, usually only when additional or replacement hardware or software are needed.

We feel it’s better than you are aware of this at this stage, rather than paying for a certification programme up-front that you can’t achieve without additional investment.

Stage 3 – Completion of the Cyber Essentials Assessment and Submission to the assessment body

With all the actions completed and the company up to standard, we’ll sign-off the questionnaire, re-run the external vulnerability scan and obtain the certification for you.

The Computer Centre will ensure you are supported throughout the journey to Cyber Essentials certification, however much assistance you need.

FAST RESPONSE

15-minute response time

NO LONG-TERM CONTRACTS

Low Risk & Complete Flexibility

CLIENT FOCUSED

An Extension of Your Business