IT Security

Cyber Essentials certification will help your business by ensuring that you have good, default security standards and processes in place, helping you to avoid the most common causes of Cyber Security breaches. As it is increasingly being used as a de-facto minimum standard for government and large business contracts, demonstrating that you're Cyber Essentials certified may also help you win business. Read the full article to understand how to achieve certification and how this will benefit your business.

What is Cyber Essentials? 

In short, it’s a framework of Cyber Security standards aimed at Small to Medium Enterprises (SMEs) to ensure that good Cyber Security practices are being implemented. It was developed, in part, to help businesses where larger certification standards, such as ISO 27001, were considered too complex or costly to implement. 

How does this look in practice?

Without going into too much unnecessary detail, the Cyber Essentials standard aims to ensure that you and your staff aren’t low-hanging fruit when it comes to Cyber Attacks. Some key items that are advised or mandated are:
 
  • Using passwords at least 12 characters in length.
  • Using Multi-Factor Authentication (MFA) where it is available.
  • Limiting Administrative access to only where necessary for staff to do their jobs.
  • Setting up separate Administrator accounts for those requiring Administrative Access.
  • Software is kept up to date, and critical security patches are installed within 14 days.
  • Staff are only given access to data where necessary for their jobs.
  • Onboarding and Offboarding processes are in place to ensure staff access is created and removed appropriately.
  • Anti-Malware (Anti-Virus) software is in use.  

 


How does this help my business? 

For a start, Cyber Essentials certification is now mandated for certain central Government contracts. It is also becoming more important for companies to ensure their supply chain is in good order, and one aspect being seen more and more is large businesses requiring that their suppliers are Cyber Essentials certified.
 
So, from being a “nice to have” certification a few years ago, it is starting to hit a point where having Cyber Essentials certification will be a requirement for doing business in a lot of cases. However, before we reach that point, having the Cyber Essentials certification can elevate your company above businesses that don’t have it. It can make clear that you take Cyber Security, and the protection of your (and your clients’) data, seriously, which could be the difference between winning or losing a contract or project.
 
Lastly, it will help you to ensure that you and your staff aren’t the victim of a Cyber Attack, which could cause financial or reputational damage to your business. Make sure you’re not the person or business that has to send out an e-mail to its contacts, informing them to ignore some fraudulent correspondence sent after a hack of one of your staff.  

What does it cost?

The price to get certified is between £320 and £600 (+ VAT) depending on the size of your company. For up-to-date pricing please see the Cyber Essentials website.

How do we get certified?

  1. Apply on the Cyber Essentials website for the Level One certification, selecting the price option based on the size of your business.
  2. Once you've received your login details, you will have access to the online Questionnaire to fill in your answers. You have 6 months from applying to complete this.
  3. For any answers you're not sure about, or may need to make technical changes, we recommend getting the help of IT professionals.
  4. When you've completed all the answers, you will need to have your answers approved by a senior member of your organisation; this is done via the system.
  5. Your answers are then sent to an IT Security professional for review. Usually these are checked within 3 working days.
  6. If there are any queries about your answers, you'll receive an e-mail response to check the questionnaire again. You have 2 working days to update your answers and re-submit.
  7. The updated answers will then be checked. Again, this usually takes around 3 working days.
  8. If everything goes well, you will receive confirmation of your pass and access to download your certificate.

What should we do next?

For more information about Cyber Essentials you can view the FAQ on the Cyber Essentials website.
 
You can talk to us about how we can help you to complete Cyber Essentials certification. We provide the following guidance and services.
 
  • Assistance with completing the online Cyber Essentials questionnaire.
  • Implementing the technical security policies and configurations required, whether this is on your company network, in a Microsoft 365 environment, or both.
  • Working with you to complete an IT Policy document, based on a template we provide, which contains all the key items for Cyber Essentials compliance. We can customise this to your own IT Policy requirements.
For assistance with the process of gaining Cyber Essentials certification Contact Us Here.