Cyber Essentials Certification
What is Cyber Essentials? Cyber Essentials is a certificate that demonstrates that a business or organisation has a good level of ‘cyber hygiene’. In other words it has protections and procedures in place to minimise the risk of data loss and data breaches to them and those they come into contact with.
Why should companies get a Cyber Essentials Certificate? In 2013 the UK Government realised one of the major threats to organisations in the UK was the vulnerability of data and equipment to a range of cyber threats. Therefore they worked with various industries to create a single certificated standard that organisations could work towards that would significantly reduce the risk. The Government intends to encourage all businesses to attain this certificate and is making it compulsory in some sectors. The reasons you should obtain a certificate include:
Soon evidence of Cyber Essentials will be a requirement when tendering for certain contracts.
Being able to demonstrate you have good cyber security will make your business more attractive to trade with as you are less likely to fall victim to a cyber-incident and are less likely to harm those you come into contact with.
Achieving Cyber Essentials will significantly reduce the likelihood or severity of a data breach to your business.
What does cyber essentials involve? To achieve the standards required your organisation needs to submit a completed questionnaire demonstrating a good level of cyber security in 5 key areas:
Boundary Firewalls & Internet Gateways – These should be set up to restrict unauthorised access to your systems.
Secure Configuration – Your equipment and software should be configured to minimise security vulnerabilities.
Access Control – Access to your systems should be controlled and restricted to users at appropriate levels.
Malware Protection – Systems need to be protected from viruses, etc. Particularly those communicating via the internet or email.
Patch Management – Software must be continually updated and refreshed with updates designed to patch weaknesses.
The questionnaire is then marked and if successful you will be awarded you certificate, which is valid for 12 months.
What is Cyber Essentials Plus? This is a higher level of certification as in addition to the 5 areas listed above it also involves actually testing your system for vulnerabilities.
How to get Cyber Essentials? At the time of writing there are only 2 Accreditation Bodies who can issue certificates. We recommend The IASME Consortium www.iasme.co.uk because, for no additional cost, they are also able to offer their highly regarded IASME Certificate which when combined with Cyber Essentials gives an even greater degree of assurance to you and your supply chain.
Why does Sutcliffe & Co support Cyber Essentials? Modern businesses are especially reliant upon technology and electronic communications; therefore they are vulnerable to accidental or malicious incidents that can breach data or stop systems from working. In recent years we have become specialists in insuring against cyber risks so understand that business who achieve the Cyber Essentials and IASME certificates are significantly less likely to fall victim. As a mark of our commitment to improving the nation’s cyber security we will offer special rates on Cyber Liability Insurance to clients of The IASME Consortium.
For more information on how Cyber Essentials and Cyber Liability Insurance would benefit your business then please contact us here.