Why do businesses need the Cyber Essentials programme?

The government’s Cyber Essentials Programme was developed in collaboration with industry and is intended to help businesses mitigate common online threats.

Operated by the National Cyber Security Centre (NCSC), it was launched in 2014 and has become a key element of excellence for cybersecurity, in all its forms.

Helping build robust data security strategies

Applicable to all sizes of organisations, from small to large, it offers help to those seeking to implement a robust data security strategy in order to protect both themselves and their clients.

It does this by encouraging organisations to adopt good practice in information security and includes a simple set of security controls to protect information from threats coming from the Internet.

Most cyber attacks are basic in form and are often carried out by unskilled individuals. The controls suggested by the Cyber Essentials platform are designed to prevent such attacks.

Cyber Essentials formats

Cyber Essentials comes in two formats:

  1. Cyber Essentials – a self-assessment application that addresses basic threats and helps to prevent the most common attacks.
  2. Cyber Essentials Plus – this covers the same controls as Cyber Essentials but, rather than being self-assessed, it requires verification of cybersecurity carried out independently by a Certification Body. This is a more rigorous form of certification, better at demonstrating to potential customers that your data security position is good and tested.

Cyber Essentials offers a sound foundation of basic hygiene elements that all types of businesses can implement and potentially build upon. The government believes that implementing these measures can significantly reduce an organisation's vulnerability. However, it is not a silver bullet that removes all cybersecurity risk; for example, it is not designed to address more advanced, targeted attacks, so organisations facing these threats will need to implement additional measures as part of their security strategy. What it can do is define a focused set of controls which will provide cost-effective, basic cybersecurity for organisations of all sizes.

The Assurance Framework, leading to the awarding of Cyber Essentials and Cyber Essentials Plus Certificates, has been designed in consultation with SMEs to be light of touch and achievable at low cost. The two options give a choice over the level of assurance given, as well as the cost of obtaining it. It is important to recognise that certification only provides a snapshot of cybersecurity practices at the time of assessment. Maintaining a robust cybersecurity stance requires additional measures, such as a sound risk management approach as well as ongoing updates to the Cyber Essentials control themes, i.e. patching. But the scheme does offer the right balance between giving third parties an additional commitment to implementing cyber security and retaining a simple and low-cost mechanism for doing so.

Delivering many benefits

For businesses that are willing to adopt these measures, the benefits can be many, including: the ability to tender for contracts that require a Cyber Essentials Certified supplier, enhanced customer trust and confidence, the provision of market differentiation and competitive advantage, protection of company assets and IP, the mitigation of common cyber threats and reduced insurance premiums.

Becoming accredited also helps to meet the requirements of GDPR. For example, GDPR talks about controlling who has access to data and understanding where PII data is held. Cyber Essentials covers this and is therefore able to provide evidence for your GDPR statements/policies that, as an organisation, you have considered these areas and have had the controls verified by an independent assessor.

Businesses now live with the spectre of cyber attacks as the norm. Adopting the Cyber Essentials Platform is one way of taking control and starting the process of fighting back.

Every organisation can benefit from added protection. Give us a call on 0844 586 0040, or email intouch@digitalpathways.co.uk, and we’ll be happy to advise you.

 
