Why is Cyber Essentials Certification important to my business?

Through following the criteria of Cyber Essentials, organisations regardless of size, can have peace of mind that they have in place what is required to be protected from a range of the most common cyber-attacks.

Additionally, accredited organisations can further increase confidence in customers and stakeholders that their information is protected.

Cyber Essentials certification not only offers a clear picture of your organisations cyber security level, it can also help meet some basic requirements for future contract opportunities such as local government or similar sectors.

What does Cyber Essentials assessment include?

Cyber Essentials assessment considers all areas of your organisations IT infrastructure. It is advised that this should include all areas of your existing infrastructure. This will include all devices – such as laptops, tablets and even mobile phones – all network equipment; removable and static storage (servers) solutions; and security application throughout the infrastructure and all related policies and procedures.

Assessment will cover office-based and agile/remote working formats to ensure all areas of work and use of data are considered across the organisation.

How to achieve Cyber Essentials Certification

It is encouraged to look at your organisations IT infrastructure in phases to collate as a whole, regardless of size.

Devices:

Ensure you have a full itinerary of all the devices owned or used for business purposes. For each device, consider how this maintains security such as anti-virus, firewalls, cloud access, terms of use, access restrictions where applicable. This list is not exhaustive but can be substantial depending on the range of devices and purpose of use.

It may also be advised to include considerations of devices assigned for agile or remote working purposes as this too could aid additional considerations.

Externally managed information storage and application access – Cloud-based systems:

Following the increasing shift to cloud-based technologies, cloud-based services or data hosting systems require additional control considerations. This reflects both to individual users and their access to the associated storage/applications.

This will require differing considerations in terms of data security policies and processes including implementation of firewalls, secure configuration, user access control, malware protection and security update management.

Along with storing data securely, it is also highly recommended having an appropriate data back up solution. Though not a technical requirement of Cyber Essentials, it is recognised as best practice within the industry worldwide.

Policies and procedures:

Alongside having the tools in place to keep data protected, ensuring the organisation is equipped to also support ongoing security is essential.

Through robust policies and procedures, it is demonstrable that all persons and departments within an organisation understand their role and responsibilities to keep safe. Such policies can range of safe device use training, recognising potential threats and what to do in the event of a potential incident, and even day to day safety operation such as password advice and multi-factor authentication applications.