How to get Cyber Essentials Certified

Written by Billy

Latest

What is Cyber Essentials?

Cyber Essentials is a Government backed scheme designed to help you protect your organisation, whatever its size or industry, against a whole range of the most common cyber attacks.

Alongside providing clear, structured and basic guidance on best practice and robust processes for business, Cyber Essentials also gives the additional benefit of passing on these processes and expertise to an organisations customers, for peace of mind and added value.

The scheme identifies five basic security controls to protect organisations from around 80% of common cyber attacks. By addressing these areas organisations can achieve certification status at either ‘Essentials’ or ‘Plus’ level, demonstrating their commitment to cyber security and showcasing their cyber security standards as trustworthy and secure.

Why is it important for your business?

After a turbulent year of uncertainty, it has never been more important to make sure your most vital assets, including your online and digital platforms are secure, safe and compliant to avoid your business being subject to the devastating consequences of cyber attacks, data protection breaches and other key cyber risks.

What does Cyber Essentials cover?

The five key areas addressed by the Cyber Essentials scheme are:

• Secure configuration
Recognising that security is an on-going exercise and that sound policies should be in place together with well-defined processes to maintain your security.

• Boundary firewalls and Internet gateways
Protection for your internal network against attacks from the Internet.

• Access controls and admin privilege management
Prevention against accidental and intentional damage caused by current or former employees.

• Patch management
Attackers constantly identify and exploit software vulnerabilities. Hotfixes and patches should be applied to address these vulnerabilities.

• Malware protection
Most people are familiar with anti-spam and anti-virus protection, but initialising user awareness training for employees is as important as installing these system in the first place. Understanding how to use them is key to their effectiveness


How can my business achieve Cyber Essentials?

The scheme has been constructed to be accessible, achievable and at a relatively low cost. Some organisations may be able to achieve Cyber Essentials certification by simply completing an online self-assessment, which addresses current key processes. Those businesses with a strong core knowledge of their cyber security policies can download and complete this for free.

However, many businesses will not be equipped with the specialist knowledge, software and hardware to achieve Cyber Essentials using this questionnaire, which is where we can help.

Achieving Cyber Essentials with Two Point Zero is simple:

Stage 1 – Initial Security Audit

We provide a full analysis of your current cyber security practices and systems against the Cyber Essentials framework. We work with you through the entire standard, explaining exactly what is required in each area and identifying any gaps in your existing processes, procedures or technologies.
At the end of the audit we will discuss with you the changes needed to achieve the most suitable level of certification for your organisation.

Stage 2 – Pathway planning

Once we have assessed your organisations individual needs we can create a clear action plan to help you achieve certification. The majority of changes usually consist of system administration or minor alterations and are very low cost but if additional or replacement hardware and software is required we will include these in our plan.

Stage 3 – Completion of the Cyber Essentials Assessment and Submission to the assessment body

When you are happy with the plan we will implement the actions, sign off the CE questionnaire, re-run the security scans and obtain certification for you.

Stage 4 – Ongoing Compliance

We use software that provides real-time reporting on the status of your compliance on Cyber Essentials. This means it is cheaper at renewal time as the network has been kept compliant and also provides a piece of mind that your company is safe and secure.