01908 410041 | info@ccsnet.co.uk

What is Cyber Essentials and why do I need it for my business?

Cyber Essentials, Cyber Security

You may have heard about Cyber Essentials via posters, the government website or speaking with other businesses. You may have even come across it as a requirement when bidding for certain projects, especially MOD or Central government contracts.

In this article we discuss What is Cyber Essentials, what are the benefits of becoming certified and how you go about attaining the accreditation.

As a Cyber Essentials certified business ourselves we know what the requirements are and how to achieve them with the correct implementation of processes, documentation and system configurations.

What is Cyber Essentials?

Cyber Essentials a self-assessment in the form of a questionnaire that assesses Cyber Security.

The government backed scheme ensures you have implemented basic levels of protection against cyber attacks, forcing you to assess the level of security throughout your network and implement the necessary changes before you can become certified.

Why should your business achieve Cyber Essentials accreditation?

With an increase in cyber attacks, the threat of losing critical data is real. Implementing a security strategy is vital, and shouldn’t be ignored. But let’s be honest, although you know deep down you should be taking it seriously, there’s nothing like the risk of losing a big client or project, to promote it to the top of the priority list.

Achieving the accreditation and becoming Cyber Essentials certified will:

  • Help prevent and mitigate the impact of cyber attacks
  • Allow you to bid for MOD and Government projects
  • Bid for grants or funding opportunities that require the certification
  • Increase your chances of winning business from other accredited organisations wanting to partner with like minded businesses
  • Show your customers and prospective customers that you take cyber security seriously.

How much does it cost to become Cyber Essentials certified?

The cost of becoming certified will depend on the size of your business. All the prices to receive your certification are listed on the IASME website. To get your business ready for compliance, you maybe required to implement changes. Therefore there may be a cost to become compliant in order to receive your certification.

As your IT provider, as part of our managed services contract we will take you through the process from understanding your systems and getting your ready for your certification within a year and the maintain that status, by ensuring you stay compliant and in a position to renew every 12 months.

How long will it take to complete?

Although it’s a self-assessment questionnaire, that doesn’t mean it’s a two-minute job to fill it in.

At first glance, the 64 questions may not seem too daunting but reading through them will help you to establish whether you are in the position to answer them correctly. Baring in mind, becoming compliant may require investment of time and money updating or replacing systems.

It is recommended to tackle Cyber Essentials proactively rather than reactively. Working through the questions systematically will give you time to consider the options and the cost of any investment needed.

Does Self-Assessment mean we can do it ourselves?

As the process is self-assessment, you can do it yourself, but we would advise working with an expert like your IT provider. Rather than guess or try and muddle through, allocating time to work with experts who understand your systems will make the process a lot easier.

As well as understanding the terminology the assessment body will be looking for, they will also be able to work with you to rectify any gaps in your security and offer solutions to fix them. This could mean replacing hardware, addressing permissions and clarifying what aspects of the business are in scope.

What is Cyber Essentials Plus?

In addition to Cyber Essentials, the next level of assessment is Cyber Essentials PLUS. This is a technical audit of your systems that are in-scope for Cyber Essentials. An assessor will visit the business and conduct a series of tests on your systems to establish the level of security in place. It’s worthwhile finding out which level of is required when bidding for projects to ensure you hold the correct one.

If your business needs to be Cyber Essentials certified, don’t leave it to the 11th hour. There may be more involved than you realise.

Key points

  • Take some time to understand what Cyber Essentials is.
  • View the Cyber Essentials questionnaire here.
  • Assess the true level of cyber security in your business.
  • Assess whether your business will need Cyber Essentials to keep or win new business.
  • If you decide to pursue getting certified, get some expert advice to help complete the questionnaire. 

If you need help achieving Cyber Essentials or Cyber Essentials Plus call us on 01908 410041 or send us an email.

Related Articles