As of January 24, 2022, the National Cyber Security Centre (NCSC) has announced improved technical controls for Cyber Essentials and Cyber Essentials Plus, which is being called the scheme’s “biggest important update” since its introduction in 2014.
The plan needed updating to reflect the modern threats to cyber security, especially those associated with the rise of cloud computing and flexible work arrangements.
Organisations seeking initial or renewed Cyber Essentials or Cyber Essentials Plus certification will be affected by this update. Everything you need to know to ace your forthcoming Cyber Essentials test is laid out in this document.
What is Cyber Essentials?
Cyber Essentials is a certification scheme managed by the National Cyber Security Center and supported by both the government and private sector (NCSC). Cyber Essentials was first introduced on June 5, 2014, and as of October 1, 2014, the government mandated that all providers competing for contracts requiring the handling of specific types of sensitive and personally identifiable information be certified against the system.
The scheme instructs firms in the basics of cyber security and how to protect themselves from the most common dangers. Your company’s dedication to Cyber Security will be recognised with the completion of this certification. Cyber Essentials (CE) Certification is available in two tiers. Either CE or CE Plus.
What are the benefits of Cyber Essentials Certification?
# 1. It’s a solid foundation for safety🛡
Cyber Essentials is a great place to start if your company isn’t particularly tech savvy. There are many different kinds of cyberattacks, but the vast majority are carried out by amateurs wanting to make a fast buck. By implementing the 5 technological controls, you may rest easy knowing that your system is protected from the vast majority of common security threats. It’s not too expensive, and with Creative Networks’ remote assistance feature, getting certified is simpler than you might expect.
# 2. It aids in fulfilling your legal responsibilities under the terms of the contract📝
Cyber Essentials is becoming a standard demand in commercial contracts because it delivers increased levels of trust to stakeholders. Since many top executives consider cyber security to be extremely important, companies are carefully examining their supply chains for potential vulnerabilities.
# 3. It offers opportunities to bid on exciting government contracts🏆
By becoming certified, you can compete for Government contracts and gain access to new markets. Working with any government agency requires a Cyber Essentials certification. This security measure is mandatory in order to lessen the possibility of a data breach and protect any confidential information you may handle from threat actors. You could further demonstrate your dedication to security by earning the second badge, Cyber Essentials Plus, and thereby increasing your credibility.
# 4. It shows your commitment to Security ✅
Having IASME certification is a cheap and easy way to show clients that their data is safe with you. You can display the certification badge on your website, marketing materials, and tenders to demonstrate that you care about the safety of your company’s data and clients. This will give your company more credibility with everyone – customers, workers, shareholders, and vendors.
# 5. It gets you ready for the next chapter of business continuity📈
Cyber Essentials is a good start for improving your company’s security, but if you want to show that you’re serious about security, you should go for Cyber Essentials Plus. By getting Cyber Essentials Plus, you’ll show customers and others that you take security seriously. This involves having independent verification and more stringent system vulnerability tests.
What are the five technical controls of Cyber Essentials?
Firewalls: Putting in place a barrier between your network and the Internet, either manually or automatically.
Secure Configurations: Configure your system securely to prevent unauthorized access. Use the more secure options instead of the default settings.
User Access: It should be limited to only what is necessary for them to perform their role, in order to reduce potential damage from a compromised account. Special privileges should be granted only to those who truly require them.
Defense Against Malware Attacks: Employing Anti-Malware Tools, Whitelisting, and Sandboxing to Safeguard Yourself and Your Company.
Patch Management: Ensure that all of the mobile devices, desktop computers, and servers in your organisation are always up to date with the latest security patches. When a hardware or software vendor stops providing updates or fixes, it’s time to implement an end-of-life management policy.
Cyber Essentials Pricing
The NCSC and IASME announced a new tiered price structure for the Cyber Essentials initiative shortly after revealing modifications to the Cyber Essentials question set.
The table below displays the tiered pricing structure that uses the generally accepted concept of business size.
| Small businesses (10-49 employees) | Medium businesses (50-249 employees) | Large businesses (250+ employees) |
| £400 +VAT | £450 +VAT | £500 +VAT |
Cyber Essentials Assessment
Cyber Essentials and Cyber Essentials Plus are the two levels of certification. Cyber Essentials Plus is a more advanced assessment of an organisation’s security.
Cyber Essentials
A business must submit a self-assessment form about its current security policies, software updates, and procedures in place addressing security best practises if it wants to earn a fundamental certification. Companies typically seek the assistance of a Certification Body at this phase. Here at Creative Networks, we have trained professionals that assist firms in passing the Cyber Essentials assessment and gaining certification from the industry-recognized IASME Accreditation Body.
Cyber Essentials Plus
A company can apply for Cyber Essentials Plus certification up to 90 days after earning the foundational Cyber Essentials certification. To earn Cyber Essentials Plus accreditation, an organisation must conduct vulnerability scans, evaluate employee workstations, and fix any security flaws they find. Cyber Essentials Plus differs from the base level certification by requiring third-party technical audits of the organisation’s systems to verify the existence of Cyber Essentials controls.
Must-Haves
You need to show that you are secure in the following areas to pass the certification with flying colours:
- Each of your gadgets and programmes is safe.
- Your online activity is protected.
- Data privacy is in your hands.
- Both your hardware and software are current versions.
- All of your hardware and software is safe from malicious code.
How can we help?
The technical controls needed to pass the Cyber Essentials assessment might be challenging for firms to adopt if they lack expertise in the field of cybersecurity. Your company may count on us to assist in the introduction of these technical safeguards. In addition, we offer supplementary security services meant to further lessen the likelihood of falling prey to a cyber security attack.
To learn more about how Creative Networks can assist in your pursuit of Cyber Essentials certification, please visit our dedicated security solutions page.
