What is the Cyber Essentials scheme?

Cyber Essentials is a great way to show that you care about the security of your IT systems and the data that you store.

It’s not a legal thing like GDPR or other Data Protection legislation. Rather, it’s an internationally recognised standard that you choose to sign up to, to prove to your customer, your suppliers and your staff that you take your responsibilities seriously, and that your systems conform to industry best practice.

The Cyber Essentials scheme was introduced as a UK nationwide, government sponsored accreditation in 2014 to recognise businesses that have taken steps to improve their IT systems to a good standard. The scheme offers a “Basic” and a “Plus” certification.

Cyber Essentials Certified Plus Logo

CSSCloud are proud to be Cyber Essentials Plus accredited.

What does the Cyber Essentials Basic certification involve?

The certification combines a self assessment questionnaire and an external vulnerability scan of Internet facing systems. The assessments are conducted remotely, so no on-site visit is required.

The accreditation may require the modification of current systems and possible introduction of procedures and policies that will tighten the overall posture of your network. This will in turn significantly reduce the risk of data breaches and hacking or malware attempts.

In order to pass the certification your organisation must meet all the requirements under the five headings of Firewalls, Secure Configuration, User Access Control, Malware Protection and Patch Management.

How would Cyber Essentials certification help your organisaton?

Achieving the certification will allow you to use the Cyber Essentials or Cyber Essentials PLUS badge to advertise that your organisation meets the Government-endorsed standard. This in turn shows your customers that you take cyber security seriously and will allow you to bid for Government and local Government contracts. It is also an expected standard from many larger or international organisations, including the offshore supply chain.

On a practical note, a simple virus or piece of malware could result in loss of data, disrupt cashflow and take up staff time. An attack could put off customers, prevent organisations from trading and damage their hard-earned reputation. Loss of data could breach GDPR and lead to fines or prosecution.

of businesses identified cyber security breaches or attacks in the last 12 months
had staff stopped from carrying out daily work
is the average annual cost for those who lost data or assests after breaches

These statistics provide an overview of 2019, as reported by Department for Digital, Culture, Media and Sport in their Cyber Security Breaches Survey for 2019.

How do I get it?

The great news is that as a CSSCloud customer you will already be doing all of the above, and the various formalities and adjustments needed to achieve the Basic accreditation should be fairly straightforward. If you want to go for the higher level “Plus” accreditation (which of course we hold ourselves!) we can assist with all aspects of preparing for and taking the assessment. We have a wealth of experience of working with clients to help achieve Cyber Essentials certification at both Basic and Plus levels by managing the assessment and certification on their behalf.

Our comprehensive range of cyber-security offerings includes managed anti-virus and EDR (endpoint detection and response), advanced email security and patch management.

Which standard do I need, the “Basic” Cyber Essentials or the “Plus”?

That depends on the industry sector you are in. Our belief is that the “Basic” certification is relevant to all organisations as an internal check and to show that you take security seriously. Those in sensitive industry sectors should definitely consider the “Plus” certification, typically these might include Financial (Accountants, IFA), Healthcare, Insurance, Legal, Offshore and others.