Cyber Essentials Series Part 2: A Dive into the What, How, and Why

Apr 28, 2024 | Cyber Security

Amongst the highest priority tasks for any business owner or manager should be cyber security – an active defence against the ever-present, and always changing, threat of a cyber attack.

 

But it can be a challenge – cyber criminals are resourceful, intelligent, and malicious, and are constantly evolving their methods to try and gain illegal access to networks, systems, and databases to implement their criminal schemes.

 

Their methods range from the sophisticated exploitation of vulnerabilities in the software tools you use to tricking us into revealing passwords by preying on our human frailties.

 

Fortunately, the UK Government has implemented Cyber Essentials to help UK businesses protect themselves against these attacks. Want to know more about how to get a Cyber Essentials certification and why you need it? Take a look at the rest of our article for more information on the toolkit, a Cyber Essentials checklist, and certification that bolsters cyber security.

 

What are the major cyber threats to protect against?

 

  1. Malware: Malicious software inserted into systems to compromise data confidentiality, integrity, or availability. Includes spyware for privacy violation and phishing for tricking individuals into revealing sensitive information.
  2. Ransomware: Prevents or limits user access to systems by encrypting files and demanding ransom payments, often in cryptocurrencies, to regain access.
  3. Distributed Denial of Service (DDoS) Attacks: Overwhelm online services with excessive traffic from infected computers, creating distractions for other cybercrimes.
  4. Spam & Phishing: Unsolicited messages and social engineering attempts to obtain sensitive information by impersonating trustworthy entities.
  5. Corporate Account Takeover (CATO): Cyber thieves impersonate businesses to send unauthorised transactions, often through weak computer safeguards or online banking systems.
  6. Automated Teller Machine (ATM) Cash Out: Large-scale ATM fraud involving simultaneous cash withdrawals or changing ATM settings to allow unlimited withdrawals beyond account balances. Targets small-to-medium-sized financial institutions and causes significant financial losses.

 

How do Cyber Essentials and Cyber Essentials Plus help?

 

Cyber Essentials helps business owners get a ‘benchmark’ in place for basic and more advanced security by implementing a series of tests against five technical controls:

  1. Access control – management of access to administrator accounts to control who has access to your data and services.
  2. Secure configuration – choosing the most secure settings for your devices and software by changing passwords and removing unused accounts and software.
  3. Software updates – protect against vulnerabilities by keeping your devices and applications up to date.
  4. Malware protection – protect against viruses and other malware by using properly configured anti-malware software and only allowing trusted applications.
  5. Firewalls and routers – to create a ‘buffer zone’ between your IT network and other, external networks so that incoming traffic can be analysed to find out whether or not it should be allowed onto your network.

 

Once the above assessment is applied, action can be taken to minimise your risks. Often the changes are simple and you will already have what you need to complete them; Cyber Essentials provides fundamental protection by implementing and maintaining these controls.

 

Cyber Essentials Plus enhances this protection with a more robust, hands-on verification process and technical audit of your systems.

 

What is the Cyber Essentials Checklist?

 

To help you prepare for your self-assessment, here is the Cyber Essentials checklist with key areas and equipment that will be assessed:

  • Hardware or devices used by your organisation
  • Software and firmware used by your organisation
  • Boundary devices
  • Firewalls and protecting your internet gateway
  • Cloud services
  • Secure configurations
  • Use of passwords
  • Protection against malware
  • User accounts

 

Why should you get a Cyber Essentials certification?

A Cyber Essentials certification demonstrates that your organisation takes a proactive stance against malicious cyber attacks.

 

By doing so, you’re able to:

  • Reassure customers that you are working with IT systems that are secured against cyber attack
  • Attract new business with the promise you have cyber security measures in place to protect your ability to deliver your services
  • Tender for Government contracts which require Cyber Essentials certification
  • Improve supply chain security

 

Cyber Essentials Plus is an excellent option for businesses that require a more in-depth audit of the key controls, have employees who work from remote locations, or have third parties that have access to their premises or IT systems.

 

How to get Cyber Essentials certification

 

Obtaining Cyber Essentials certification takes just three simple steps:

  • Purchase your chosen level of certification – Cyber Essentials or Cyber Essentials Plus
  • Complete your Cyber Essentials self-assessment questionnaire and upload it for review by BiP Solutions (Certification Body)
  • Once your self-assessment questionnaire submission is approved, the awarding body, IASME Consortium, will post your certificate

 

Certifications are valid for 12 months once issued.

What is the Cyber Essentials certification cost?

 

The Cyber Essentials certification cost (verified self-assessment) follows a tiered pricing structure based on the size of the business, as follows:

 

  • Micro organisations (0-9 employees): £320 + VAT
  • Small organisations (10-49 employees): £440 + VAT
  • Medium organisations (50-249 employees): £500 + VAT
  • Large organisations (250+ employees): £600 + VAT

 

 

The cost of a Cyber Essentials Plus assessment will depend on the size and complexity of your network.

 

Get started with your Cyber Essentials certifications today – contact the iTEXS team for help, guidance, and support to ensure your cyber security is as robust as it needs to be to keep your business moving forward, safely.

 

And look out for our next article in the series on Cyber Essentials for steps you need to take to maintain your certification, and the ongoing benefits of the scheme.

 

In the meantime, if you have any questions around your IT security or any other IT-related needs, contact the iTEXS team today on 01223 834844.
