What is Cyber Essentials?

The Cyber Essentials scheme is a cyber security standard designed by the government, against which organisations can be assessed and certified.
It identifies the security controls that an organisation must have in place within its IT systems to have confidence that it is addressing cyber security effectively and mitigating the risk from Internet-based threats.
The scheme focuses on the following five essential mitigation strategies:

Malware Protection

Computer viruses are probably the most common type of malware. They spread by making copies of themselves. Well-designed anti-malware protection checks any newly downloaded program to ensure that it is malware-free.

Boundary Firewalls and Internet Gateways

Firewalls and gateways provide a basic level of protection where a user connects to the Internet. While antivirus software helps to protect the system against unwanted programs, a firewall helps to keep attackers or external threats from getting access to your system in the first place. The firewall monitors all network traffic and can identify and block unwanted traffic that could be harmful to your computer, systems and networks.

Secure Configuration

Failure to manage the proper configuration of your servers and IT devices can lead to a wide variety of security problems. In particular, it can enable rogue agents to easily detect vulnerabilities using common security scanning tools. Once detected, vulnerabilities can be exploited very quickly and result in the total compromise of a system or website, including databases and corporate networks.

Access Control

Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.
There are two main types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.

Patch Management

Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Patch management tasks include: maintaining current knowledge of available patches, deciding what patches are appropriate for particular systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures, such as specific configurations required.

Cyber Essentials provides organisations with clear guidance on implementation as well as offering independent certification for those who want it.

While providing a basic but essential level of protection, the Cyber Essentials scheme enables organisations that believe they are practising robust cyber security to benefit by making this a unique selling point, thereby enabling business. Upon certification, they can then demonstrate to their customers that their data is adequately protected and that they take cyber security seriously.

Cyber Essentials protects against 80% of threats and is designed for organisations of all sizes and in all sectors.

Failure to protect against cyber-threats and data loss can lead to a fall in share price, hefty fines and reputational damage.

Having been assessed as meeting the requirements of Cyber Essentials, an organisation’s approach to information risk management becomes integral to its operations and demonstrates market leadership in cyber-security. Cyber Essentials offers a useful mechanism for organisations to effectively demonstrate to customers, investors, insurers and others that they have taken the essential precautions.

If you have any questions about cyber security in general or just want to have a chat, drop us a line at hello@cybersmart.co.uk.

Protecting your data and organisation is hard work — let us help you make it easier.