Getting the Cyber Essentials right for your organisation

By Steve Whiter
Steve Whiter, Director, Appurity, explains the importance of recognising weakness in a cyber security strategy in order to bolster and improve these parts

Interest in cybersecurity has exploded, with efforts to protect business-critical data and policies to stave off cyber-crime now a core focus for businesses of all sizes and across all verticals. This growing awareness of cybersecurity can be attributed in part to the growth of the government-backed Cyber Essentials (CE) scheme, which offers help for UK-based organisations to mitigate against cyber-attacks.

Cyber Essentials is managed by the British government’s National Cyber Security Centre (NCSC), an organisation which supports government bodies, the public sector, large corporations, and SMEs to operate safely and securely online. Businesses can seek Cyber Essentials certification via a consortium of advisors and assessors overseen by IASME, the official CE partner.

What is the Cyber Essentials scheme?

Cyber Essentials is self-assessed and independently verified. As a business leader or IT manager, you assess your organisation against a range of security questions that cover your devices, networks, and current security policies in place. CE certification helps businesses to enact basic security measures that will protect against the most common online threats including malware and phishing attacks.

Cyber Essentials Plus (CE+) is the highest level of the scheme. To gain certification, your business must undergo a hands-on technical audit relating to the declarations made in your Cyber Essentials self-assessment.

Three reasons why your business should get Cyber Essentials accredited

As cyber security attacks increase – approximately 39% of UK businesses identified a cyber attack in 2021 – demonstrating CE certification is reassuring to your existing customers that your business is serious about combating cybercrime. Certification is also attractive to potential customers who need to trust that any business partners they work with won’t open them up to potential security risks. It only takes one unprotected organisation in a supply chain to compromise the security of the rest, as evidenced by the infamous SolarWinds attack in 2020. Multiple supply chain layers meant attackers could infiltrate hundreds of organisations.

The Cyber Essentials scheme can also be a useful tool for your business in highlighting gaps in your current security strategy so that you know where to focus your cybersecurity efforts.

Does your organisation ever bid for government work in the UK? If you want to apply for government contracts which involve handling sensitive data and personal information or the provision of some technical products and services, your organisation will need Cyber Essentials Certification.

Act now to protect your business today

In January this year, the NCSC introduced an updated set of requirements for the Cyber Essentials scheme. This update represents the most significant revamp of the scheme’s technical controls since its launch in 2014.

The seismic changes to the way people work over the past few years has introduced new cyber security challenges for employers. The NSCS update reflects this evolving threat landscape.

Many organisations have started digital transformation journeys – just take the widespread adoption of cloud services and hybrid or remote working practices. These shake-ups have inevitably introduced several cyber security challenges. How do you ensure that business-critical apps on Bring Your Own Devices (BYOD) are protected? Can employees access all their data and files in the cloud seamlessly, so that they can continue to work efficiently and productively anywhere in the world? Fortunately, CE schemes are now well-placed to offer organisations up-to-date advice and protection on these very issues.

Cybersecurity should be a top priority for leaders in organisations of all sizes and sectors. Cyber Essentials schemes are a structured, respected way to get started and will give your organisation a clear picture of where it stands and what else it needs to do to tackle the cyber challenges of today. 

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI