Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.
The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Cyber Essentials defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online.
Risk management is the fundamental starting point for organisations to take action to protect their information. However, given the nature of the threat, the government believes that action should begin with a core set of security controls which all organisations – large and small – should implement. Cyber Essentials defines what these controls are.
Cyber Essentials is not a silver bullet for your organisation’s security, rather it is a starting point and a solid foundation of basic hygiene measures from which an organisation can build. It is not designed to prevent more advanced, targeted attacks and organisations facing this kind of threat will need to implement additional measures within their security strategy.
The Assurance Framework, leading to the awarding of Cyber Essentials and Cyber Essentials Plus certificates for organisations, has been designed in consultation with SMEs to be light-touch and achievable at low cost. The two options give organisations a choice over the level of assurance they wish to gain and the cost of doing so. It is important to recognise that certification only provides a snapshot of the cyber security practices of the organisation at the time of assessment, while maintaining a robust cyber security stance requires additional measures such as a sound risk management approach, as well as on-going updates to the Cyber Essentials control themes, such as patching.
Our Security and Data Protection team work with businesses in Hastings, Brighton and across Sussex, Kent and London. We will work with you to establish the most appropriate level of certification for your needs, guide you through the process to achieve your certification and provide options to maintain the practices established as a part of the original process. Additionally, should it be required, we can advise on and implement levels of security beyond that of the Cyber Essentials standards.