Cyber Essentials is crucial, especially for smaller businesses, as cybercrime continues to grow and evolve.
What is Cyber Essentials?
Cyber Essentials is a Government-backed scheme designed to help organisations of any size protect themselves from a wide range of common cyber attacks.
As cyber-attacks come in all types of shapes and sizes, it’s important to have a broad defence which can block out the vast majority of these basic attacks. Cyber Essentials provides this defence.
Cyber Essentials does more than just help organisations learn about cybersecurity and how to act in case of a cyber-attack. It also deters cybercriminals from targeting organisations who they know have Cyber Essentials accreditation.
Who should get Cyber Essentials?
Cyber Essentials is available for organisations of all sizes and all sectors. We believe that it’s particularly useful for small to medium-sized businesses as they are targeted frequently by cybercriminals.
This is because larger organisations would usually have more of a budget to invest in cybersecurity and to ensure they have multiple layers of protection. Smaller businesses and especially startups may not be able to spend as much time or money on their cyber defences.
Hackers are aware of this and are often able to hack these smaller businesses to devastating effect. This explains why 60% of small companies close within six months of being hacked.
For this reason, we recommend that all small to medium-sized businesses invest in the Cyber Essentials course. Getting certified via the Government’s partner, ISAME, costs £300 + VAT for a self-assessment course. We used a local IT support company, Plan IT to help us with this.
Once you’ve passed the course, you will gain your Cyber Essentials Certification. You can publish your certificate on your website or perhaps add a logo to your homepage to show that you are certified.
Most hackers are relatively unskilled individuals who are using basic hacking techniques to target vulnerable organisations or individuals. If they see a Cyber Essentials Certificate, they’ll be less likely to spend their time trying to hack or scam an organisation who they know will be aware of the most common cyber attacks. It will also mean you have gone through certain processes that should help to keep you secure if there is a hack attempt.
What’s the criteria?
The Cyber Essentials assessment covers the following five main topics, which between them, will prevent around 80% of cyber attacks.
Firewalls
Firewalls are important because they act as a barrier between your IT network and external networks. You need to be able to set up firewalls properly and make sure that they are performing as intended in order to prevent unauthorised access to your network.
Firewalls help to protect you against:
- Hackers trying to break into your IT network
- Viruses that are spreading across the internet
- Prevent malicious software from accessing a computer or network via the internet
Patch management
Patch management is about keeping computer software and network devices up to date over time. Doing this is important because it stops your software falling victim to major issues, bugs and malware.
Prompt patch updating is important because if hackers realise that software hasn’t been updated, they can target it with malicious software. The Cyber Essentials scheme will assess that you are confident at updating your software and network devices and that you’re aware of the security risks of poor patch management.
Malware protection
Malware protection is essential for protecting your organisation from a wide range of cyber threats, including but not limited to computer viruses, worms, spyware, botnet software and ransomware.
A 2016 study by Vanson Bourne found that 48% of cybersecurity decision-makers said their organisations had been hit by at least one ransomware attack over the last twelve months. As ransomware is only one of the many forms of attack that Malware protection defends against, this goes to highlight the importance of this topic.
The Cyber Essentials assessment tests your ability to identify known malware and restrict untrusted software from gaining access to sensitive information.
Access Control
Any organisation that is connected to the internet should have access control set up to ensure that sensitive data is only accessible to those who are authorised to see it.
Access control is so important because, without it, there would be no data security whatsoever. This means that to protect your business data, you should strive to implement the best access control systems possible, to make sure that only authorised users can ever gain access to important information.
The Cyber Essentials assessment will test your knowledge of how to assign user accounts to authorised individuals, and how to control the resources that those accounts have access to.
Secure Configuration
Secure configuration concerns the security and defence measures installed into computing and network devices as a means of minimising cyber threats.
This topic is particularly important because manufacturers will often set the default configurations of devices to be as open as possible. While this makes it easy to use and set up the device, it also makes the device itself less secure and more susceptible to external breaches.
In order to gain Cyber Essentials Certification, you will need to show an understanding of secure configuration and how you can make sure that your systems are configured to prevent a wide range of security issues.
Is Cyber Essentials worth it?
We believe Cyber Essentials is definitely worth it. As we work with clients and handle their data, we understand the importance of protecting our business from external threats, which also ties into GDPR regulations.
It’s worth mentioning that during the pandemic period, police have reported an increase in coronavirus-related scams. It’s unfortunate that there will always be people out there trying to take advantage of negative circumstances and in this case, of the confusion and fear caused by the spread of COVID-19. In response to this, we should all prepare ourselves adequately for the increased levels of criminal cyber activity.
As well as preventing cyber-attacks, Cyber Essentials certification can boost your reputation and encourage new potential customers or clients to trust you with their data or business. Furthermore, because you’ll have the knowledge and assurance that your business is safe, you and your employees will be able to focus solely on your work knowing that you are safe from cyber-attacks.
Finally, Cyber Essentials could reduce your cyber insurance premiums. Insurers view organisations with Cyber Essentials with higher regard and may offer reduced rates, which could amount to significant savings over time.
Conclusion
To find out more information about Cyber Essentials, take a look at the National Cyber Security Centre’s official website guidelines. We have also produced a blog on how to stop someone from hacking your website, which covers important but basic steps such as password control and two-factor authentication.
To conclude, Cyber Essentials really is essential. With cybercrime constantly evolving and becoming more and more common, it’s important for businesses, especially smaller and more vulnerable ones, to protect themselves accordingly.
