Cyber Essentials is a simple Government scheme that provides certificates of IT security to businesses that are actively working on ensuring their IT infrastructure is protected against cyber threats and attacks.
The scheme will help you to identify weak points in your IT systems and establish approved security measures to protect your business against common cyber attacks. By following the Cyber Essentials guidance you will be demonstrating your commitment to IT security.
What are Cyber Attacks?
A cyber attack is an uninvited digital intrusion into your IT system, carried out remotely by cyber criminals. The attack could be on one computer or a network of computers, and it is usually carried out with malicious intent: to steal your data, disable your computer or IT system, or even to gain entry to your network as a launch point for further attacks on your wider network.
Cyber attacks happen in an array of different forms, and while often they are committed by unskilled and opportunistic criminals, effectively trying their luck, some can be serious, large scale and sophisticated. The advice and guidance provided by Cyber Essentials is designed to protect your business against the most common threats and attacks.
Cyber Essentials Certification
There are two levels of Cyber Essentials certification:
Level 1 Cyber Essentials
The basic level of certification is a simple self-assessment. It will guide you through ways to improve your security and measures you can put in place. Whilst simple, it will protect against a wide range of less sophisticated attacks that make up the majority of common cyber threats. By protecting yourself against low scale intrusions (the criminals just trying their luck!) you are less likely to be targeted by larger, more complex and serious attacks.
The certification can provide you with peace of mind, and identify you as a business that is actively working to secure itself. This will make you a less attractive target and a more attractive business choice, as clients, suppliers, etc. will know that you are taking your security seriously.
Level 2 Cyber Essentials Plus
The enhanced level of certification is called Cyber Essentials Plus. It offers the same simple approach to protecting yourself and your business, but requires an additional step, and a manual technical verification of your security measures will be undertaken before you can gain this increased level of certification.
Cyber Liability Insurance
Another benefit for small businesses with a turnover under £20m is that once your company has achieved Cyber Essentials certification, you should be entitled to Cyber Liability Insurance.
This will provide an additional level of financial security for your business should you experience a cyber attack. The policy provides a 24hr helpline where you can report the cyber incident and get advice on managing and responding to it correctly, with cover up to a total liability limit of £25,000.
It covers many of the claims that could be made against you as a result of the cyber breach and many of the emergency costs that result from a data breach, as well as the costs of having to consult expert legal, IT, forensic or even PR consultants to assist.
Perhaps the most important cover provided is the business interruption payouts, which help you with loss of profit resulting from the cyber attack.
Security Controls Advised by Cyber Essentials
Use a Firewall
A firewall is a digital barrier between your IT systems and the internet, used to secure your internet connection. It checks incoming traffic to your IT network and should block any traffic that is not permitted.
There are different types of firewall available, so it is best to get expert advice on the right option for your business.
Check Security Settings
New devices and software often come ‘open’ to ensure they are widely usable. However, this can leave you open to attack. Check security settings, remove any unneeded software and use secure passwords.
Ensure your staff accounts only have permissions to access the functions they need to perform their jobs. Restrict access to administration accounts that can access software, settings and connectivity functions to only those who need them. This way, if a staff device or account is hacked, the hacker will only have limited access to your network.
Viruses and malware, such as ransomware, can access your systems in a number of discreet ways, such as when someone opens an infected email. Having appropriate anti-virus and anti-malware software enabled on all devices will help to minimise this type of cyber threat.
Regularly updating your devices, software, and operating systems will provide important security updates that can protect you from threats. ‘Patching’ is the manufacturer’s way of fixing security bugs or glitches that emerge after release, and it’s free and easy to do yourself.
ICU IT recommends Cyber Essentials to many of our clients because of the enhanced protection from security threats, and also because it evidences your commitment to cyber security, making you a more appealing business partner, supplier or client.
It will also give us a clear indication of your level of security and how we can help you tighten up measures to provide the best protection for your business.
We know that unless cyber security is your business, the vast array of security products and services available can be complex and time-consuming to get to grips with. That’s why we will help you get certified and will work with you to identify any issues. We don’t use jargon and pride ourselves on our simple, straightforward approach, so you can rest assured we will guide you through the best options to protect your business, assets and data from cyber criminals.