What is Cyber Essentials?

Cyber Essentials is a simple but effective government-backed scheme that helps to protect organisations from around 80% of common cyber attacks. The scheme is supported by the NCSC (National Cyber Security Centre) and is designed to help organisations of all sizes. No matter how small or large the company, this shows their commitment to cybersecurity. Upon completion of the scheme, organisations will be awarded a Cyber Essentials certification.

At this moment in time, it’s never been more important for organisations to have cybersecurity in place. During the first two months of the COVID-19 pandemic, a study revealed that 90% of organisations experienced an increase in cyber attacks due to COVID-19. Unfortunately, cybercrime is a very real threat that is only becoming more commonplace. Cybercriminals are constantly looking for new ways to gain access to sensitive business data. The pandemic has only caused a rise in cyber attacks.

But even before the pandemic, Cyber Essentials would have been essential for businesses, particularly small to medium-sized ones. While large organisations are still attacked and sometimes breached, cybercriminals target smaller businesses with startling ferocity. A 2019 study found that small businesses in the UK suffer as many as 10,000 cyber attacks every day. The average cost of dealing with such an attack is £1,300. This shows just how damaging this can be for smaller businesses.

person using two laptops
lock and chains

Cybercriminals are fully aware that small businesses are easier targets. This is due to them having less advanced security measures in place than larger, more established organisations. Even before the coronavirus pandemic, Cyber Essentials would have been an excellent investment. The scheme covers five basic topics that help you to ensure you have the proper processes in place that could prevent the vast majority of common cyber attacks. This means that many of the methods used by cybercriminals would be rendered useless. Ultimately, your organisation would have a much lower chance of falling victim to a cyber attack.

 

To be clear, having the certification itself doesn’t prevent problems with your security. It is the processes and meeting the requirements of Cyber Essentials that mean you will reduce your risk of any vulnerabilities.

Are there any other advantages of Cyber Essentials?

Cyber Essentials gives you a competitive advantage. Nowadays, particularly since the pandemic, people have become much more aware of the risks of cybercrime. Tenders may ask suppliers for proof that their business data will be secure. In this situation, showing you have Cyber Essentials certification would demonstrate that you understand the importance of data security. It also shows that you use appropriate procedures, processes, software and devices.

In order to apply for UK Government contracts, Cyber Essentials is a mandatory requirement. For many of these contracts, you will be dealing with employees’ personal information. As such, you will need to demonstrate that you have proper security controls in place. Cyber Essentials is an internationally recognised scheme that proves that you have what it takes to handle sensitive information.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is the first level of the scheme. It requires you to perform a self-assessment questionnaire from a licensed certification body that evaluates your answers. Cyber Essentials Plus is a more advanced scheme that involves the licensed security body performing an on-site audit and a test of your technical security controls.

Cyber Essentials Plus is more expensive and takes longer, however it’s a more thorough test of your cybersecurity. If you really want to get on top of your data security and prove that you’ve taken all the necessary steps to protect your organisation, then Cyber Essentials Plus is the right choice for you.

How did we become Cyber Essentials Certified?

We passed our Cyber Essentials assessment with the help of Plan IT Support. Plan IT Support is an IT company that guided us through the process. They also made sure we were fully prepared to complete the self-assessment. Some parts of the Cyber Essentials checklist were technical and required some specialist knowledge to understand, so we’re glad we had the friendly Plan IT team on hand to help us! As well as helping us achieve our Cyber Essentials certification, we’ve also used Plan IT Support for a range of other IT services over the years. The time and support you may need to get the certification will very much depend on how your business operates. Given what we do, we have a huge range of devices. We had to ensure all of them were being used correctly, regularly updated and that they met the requirements of the certification. For other businesses, it may be a quicker or easier process!

If you’re looking to find out more about Cyber Essentials and why you’d need it, we’d recommend reaching out to Plan IT Support. We have seen what happens when businesses don’t prioritise security. We regularly have to help organisations to restore their websites after a hack or breach. This means we have been working securely since we first set up We Create Digital. However, it is great having that recognised through the Cyber Essentials certification. We know it will help to further demonstrate our commitment to security.

During a time where organisations have never been at a greater risk of cyber attacks, we’d definitely recommend completing the Cyber Essentials scheme.