Why you should consider using the Cyber Essentials Scheme
Most companies will employ some sort of IT system and a network of computers to store their details, and the data of their clients or customers. It’s important that you demonstrate you know how to safely store data in today’s Digital Age.
The computers you use are at risk from both physical and cyber threats on a daily basis. From easy-to-remember passwords to a targeted hacking attempt, you need to have the safeguards in place to protect your stored data.
Cyber Essentials’ Assurance Framework
It is increasingly important for companies to maintain robust cyber security standards and to demonstrate them to their clients, especially when customers’ information being stolen or leaked is a frequent story in the headlines.
The Cyber Essentials assurance framework is designed so that potential clients and customers can distinguish companies that implement the necessary cyber security controls from those that don’t.
The Cyber Essentials scheme may be used as a way to set yourself apart from competitors, or it may be that you have contractual partners that expose your business to a greater cyber risk (for example, by sharing information). Insurers, investors and auditors may take your certification into account when assessing your risk profile.
Cyber Essentials explained
Minimising the risk of online attack and maintaining the safety of your data are essential parts of modern business. The government has developed a framework called Cyber Essentials to keep your IT systems safe for your customers.
81% of large companies experienced a cyber security breach of some kind in 2014, costing on average between £600,000 and £1.5 million to fix.
Two thirds of FTSE350 companies now implement the steps included in the Cyber Essentials framework to keep their IT systems protected from security breaches.
A brief overview of Cyber Essentials guidelines
The Cyber Essentials scheme focuses on internet-based attacks against your company’s IT system, and is built around the following five controls.
Boundary firewalls and internet gateways: Firewalls and gateways, in either software or hardware form, must be set up well to be effective in preventing unauthorised access to or from private networks.
Secure configuration: Your systems will need to be configured in the most secure way for your organisation.
Control of access: Only employees who should have access to systems should receive system privileges, and only at the right level.
Protection from malware: Malware and virus protection should be installed and up to date.
Patch management: The latest versions of applications and the necessary patches created by the vendor should be applied to your systems.
Cyber Essentials and Cyber Essentials Plus
Cyber Essentials: At Qualitation, we will help you achieve this verified self-assessment certification. Through the use of a questionnaire, your organisation will complete an assessment of its implementation of the Cyber Essentials control themes, which is then approved by a CEO or other executive member of staff.
An independent certification body will then verify the questionnaire to assess whether the required standard has been met, and if so, the certification is awarded.
Cyber Essentials Plus: If you want a higher level of assurance, Qualitation will externally test your cyber security approach. This is a far more intensive scheme and costs more than the Cyber Essentials scheme.
At Qualitation, we have a 100% rate with our standards consultation services, so upon completion of the assessment, you will be awarded a Cyber Essentials certificate. This will allow your organisation to display the appropriate badge.
Common questions about the Cyber Essentials scheme
Who can become Cyber Essentials accredited? Cyber Essentials is suitable for companies of all sizes and in all sectors, including the public sector, universities, not-for-profit organisations and charities.
How do I benefit from the scheme? Cyber Essentials will give your business clarity on the necessary security controls needed to reduce the risk of threats on the Internet. This can be a USP of your business, showing potential customers, clients and partners that you’re serious about cyber security.
When can I become Cyber Essentials accredited? At Qualitation, we can help you on your way to accreditation at any time. Just contact us for more information.
Is there a time limit on the Cyber Essentials badge? To retain the right to use the Cyber Essentials badge, you must recertify once a year. This is because the assessment is like a snapshot in time. You will face new threats and vulnerabilities over time, and you will have to maintain the principles of Cyber Essentials on an ongoing basis.
I already have ISO 27001 accreditation, should I get assessed against Cyber Essentials guidelines as well? You can gain the Cyber Essentials scheme badge alongside other accreditations. By meeting the standards of Cyber Essentials, you’re already meeting or partially meeting other accreditations, but we suggest having both Cyber Essentials and ISO 27001 accreditation. This is how you can best demonstrate to partners, stakeholders and customers that you take your company’s information security seriously.
Is the Cyber Essentials scheme mandated by the government? The government requires any companies bidding for contracts which have been judged to be of a higher risk to be Cyber Essentials accredited.
Will Cyber Essentials stop the possibility of getting hacked? By getting Cyber Essentials accredited, you’ll be setting your company up with a solid foundation of security measures, which will significantly reduce your company’s vulnerability. Having said this, Cyber Essentials doesn’t offer a silver bullet to remove all risks to your cyber security. If you want to address advanced and targeted attacks, you will need to implement additional security strategies.