Cyber Essentials: what is it and why should your business have it?

31.03.2022

There are lots of initiatives and steps that businesses can take to improve their cyber security defences. One of the key ones for UK businesses is the government-backed Cyber Essentials Scheme.

In this article, you’ll learn all about the scheme, how it can help to improve your business’s cyber security, and how the latest updates affect you and your staff.

Cyber Security ebook

What is the Cyber Essentials scheme?

Due to the increased number of cyber attacks, the huge negative impact on individual businesses and the economy, and consequently the need to ensure that good practices in information security take place, the UK government Department for Business, Innovation and Skills (DBIS), introduced a government-endorsed scheme called Cyber Essentials.

Cyber Essentials was developed back in 2014 in collaboration with industry partners such as the Information Security Forum, the Information Assurance for Small and Medium Enterprise Consortium (IASME) and the British Standards Institution. Due to the significant rise in these attacks in the last few years, especially for SMEs, security is now more important than ever.

The scheme was introduced to protect data by providing a security framework, ensuring companies follow a basic level of due diligence on how data is accessed and secured to avoid it being compromised.

It covers a set of five basic controls which are designed to ensure businesses keep their data secure. These are:

  1. Access control
  2. Secure configuration
  3. Patch management
  4. Malware protection
  5. Internet gateways and boundary firewalls

What are the benefits of the Cyber Essentials certification?

A Cyber Essentials certification brings many benefits to an organisation, including improved protection against 80% of the most common cyber attacks. Some of the additional advantages include:

  • Trust and confidence - companies that have the Cyber Essentials trust badge are showing their compliance and dedication to cyber security which aims to build trust and confidence amongst customers, suppliers, investors and other partners
  • Secure partnerships - it is also a useful standard for companies to check for when working with potential partners when data is involved
  • Reassurance - Cyber Essentials can reassure customers that you are working to secure your IT systems against cyber attack, which can help you attract new business
  • Free insurance - businesses that comply with Cyber Essentials may be eligible for free cyber insurance cover up to £25,000 and it may also reduce other business insurance costs

What are the latest updates to the Cyber Essentials scheme? 

In early 2022, several updates were applied to the Cyber Essentials scheme to bring it into line with the changes in cyber security protocols, and to keep pace with the changing world of work.

As more businesses turn to cloud computing and many workforces now work remotely (at least some of the time), the scheme was updated to reflect these changes with the following initiatives.

Home working devices

One of the biggest changes to working environments is the speed at which many businesses have transitioned to remote or hybrid working, accelerated by the Covid-19 pandemic. In order to maintain compliance with Cyber Essentials, all devices (including laptops, tablets and smartphones) that are used for home-based working must be secured via the necessary firewall guidelines and other security measures.

Multi-factor authentication

To comply with the Cyber Essentials accreditation, businesses must now implement multi-factor authentication (MFA), which provides an additional layer of protection beyond passwords and greatly reduces the chances of an unknown or unwanted user accessing a network.

Endpoint devices

Under the initial scheme, businesses only needed to have their server systems certified as part of the assessment. However, the 2022 update means that it’s now compulsory for all endpoint devices to also be secured to prevent vulnerabilities across the network.

Software updates

The latest Cyber Essentials update recommends that newly released and high or critical risk software updates are applied within 14 days of release. Automatic updates should also be enabled for critical software, with software on devices no longer in use being uninstalled. Finally, all software must be fully licensed and purchased directly from the developer.

Account separation

Staff are encouraged to have separate accounts for work and social use to reduce the risk of the business’s network being compromised. This means that non-work activities such as browsing social media or surfing the web should be done using a separate account to the one used for work.

How can you become Cyber Essentials certified?

Cyber Essentials is a self-assessment scheme which can be completed remotely. However, to ensure full compliance and to maintain compliance we recommend that you work with your IT department or outsourced IT support company who will be able to carefully and effectively guide you through the process.

Some organisations (particularly Government and public sector) will require Cyber Essentials Plus accreditation in order for you to transact business with them. This is the same as Cyber Essentials but with the addition of a detailed third party security assessment.

cyber-essentials-provider

The PC Support Group is an IT support provider with the Cyber Essentials trust badge, and we have worked with a number of our clients to help them gain CE accreditation. We are therefore well placed to support you in achieving the accreditation. Our experienced team have many years of experience in IT and cyber security, and can help you to complete the scheme.

Get in touch with us today on 03300 886 116 or info@pcsupportgroup.com to find out how we can assist.

Looking to learn more about cyber security and how to improve your business’s defences? Download our free guide, Protect, React, Recover: A Guide to Cyber Resilience for SMEs.

Cyber Security ebook