London eye

Government Basics For SME – The Cyber Essentials Scheme

Published 21 December 2017

Government publishes guidelines to help businesses protect themselves from Cyber crime. 

The government has published guidelines to help businesses understand their requirements for IT infrastructure. This is called their Cyber Essentials Scheme, and it’s constantly being reviewed and edited to stay up to date with new developments. This scheme was created to help business owners understand the risks a cyber attack poses to their business, and give them the tools they need to protect against it. This month, we wanted to introduce you to what this scheme is all about, and how you can earn the cyber essentials badge.

What Is Cyber Essentials?

Each year, cyber attacks cost UK businesses thousands of hard earned pounds, and put millions of customer’s data at risk. That’s why so much emphasis is placed on cyber security today – almost more than physical security. But for years there was no form of consistent, external verification that a business was doing all it could to protect the data it held. So the UK Government stepped in and created the Cyber Essentials Scheme. This scheme has been around for quite a while, and has been improved to align with technological developments.

The requirements within Cyber Essentials have been split down into 5 technical control themes, each of which is an important area for your business to focus on. These are:

  • Firewalls
  • Secure configuration
  • User access control
  • Malware protection
  • Patch management

But why is this important? Well, the main reason is that by following the principles set out in this scheme, they will help prevent the vast majority of cyber attacks against businesses who follow them, according to the UK Government.

Cyber attacks have been responsible for ruining many businesses, either by bankrupting them or by causing so much reputational damage that they were forced to close their doors. The Cyber Essentials scheme combines years of experience and technical knowledge to give business owners the best fighting chance against the hackers out there.

How Do I Get It?

The Cyber Essentials badge is more than just an image to be uploaded on your website. It’s a symbol that your organisation has met the Government endorsed standard of security. In order to obtain the Cyber Essentials qualification, you need to apply and prove you are complaint with all of the requirement. You may also be asked to supply some types of evidence before the qualification can be awarded, depending on your results. To start out, you will need to:

  1. Establish the boundary of scope for your organisation, and determine what is in scope within this boundary.
  2. Review each of the five technical control themes and the controls they require.
  3. Take steps as necessary to ensure that your organisation meets every requirement, throughout the scope you have determined.
  4. Complete the assessment required for your level of qualification.
  5. Dependant on the awarding body, you may be subject to an external vulnerability scan.

There are two levels of certification you can apply for – Cyber Essentials, or Cyber Essentials Plus. With the basic certification, you need to complete a self-assessment questionnaire, and your responses are reviewed by an independent and external certifying body. Any business can apply for this standard, and documents are free to download.  But if you’re shooting for the Cyber Essentials Plus, you will need to do everything for the basic badge PLUS have your systems tested by an external certifying body using a variety of tools and techniques. If you pass their tests, you will have earned the higher level certification. You can find more information on the Cyber Essentials Scheme through the Government website, or via NCSC’s article here.

At Bridewell, we are proud to be helping businesses understand their cyber requirements and protect their business data. Our team of experts are all highly qualified in both the requirements for the cyber essential scheme and general security practices, so we can help you understand and implement the perfect solution for you. For more information, or to talk to one of our advisors about your requirements, just get in touch with us today.