An increasing number of businesses are seeking help to achieve Cyber Essentials or Cyber Essentials Plus to pitch for new projects as well as retain the contracts they already have.
It is fast becoming a standard requirement of the tender process for many projects and partnerships. In fact, you must be Cyber Essentials certified to work with the MOD or Central Government.
In addition, local authorities and grant or funding opportunities are also starting to follow suit as they insist on the accreditation to proceed with bids.
What is Cyber Essentials?
It’s a self-assessment in the form of a questionnaire that assesses Cyber Security. The government backed scheme ensures you have implemented basic levels of protection against Cyber Attacks, forcing you to assess the level of security throughout your network and implement the necessary changes before you can become certified.
Why is Cyber Essentials important?
Cyber Security really isn’t something businesses can afford to ignore.
With an increase in attacks, the threat of losing critical data is real, so implementing a security strategy is vital. But let’s be honest, although you know deep down you should be taking it seriously, there’s nothing like the risk of losing a big client or project, to promote it to the top of the priority list.
Achieving the accreditation will;
- Help prevent and mitigate the impact of Cyber Attacks.
- Allow you to bid for MOD and Government projects.
- Bid for grants or funding opportunities that require the certification.
- Increase your chances of winning business from other Cyber Essentials accredited organisations wanting to partner with like minded businesses.
- Show your customers and prospective customers that you take cyber security seriously.
How long will it take?
Although it’s a self-assessment questionnaire, that doesn’t mean it’s a two-minute job to fill it in.
At first glance, the 64 questions may not seem too daunting but reading through them will help you establishing whether you are in the position to answer them correctly. Baring in mind, becoming compliant may require investment of time and money updating or replacing systems.
It is recommended to tackle Cyber Essentials proactively rather than reactively. Working through the questions systematically will give you time to consider the options and cost of any investment needed.
Can we do it ourselves?
As the process is self-assessment, you can do it yourself, but we would advise working with an expert like your IT provider. Rather than guess or try and muddle through, allocating time to work with experts who understand your systems will make the process a lot easier.
As well as understanding the terminology the assessment body will be looking for, they will also be able to work with you to rectify any gaps in your security and offer solutions to fix them. This could mean replacing hardware, addressing permissions and clarifying what aspects of the business are in scope.
What is Cyber Essentials Plus?
In addition to Cyber Essentials, the next level of assessment is Cyber Essentials PLUS. This is a technical audit of your systems that are in-scope for Cyber Essentials. An assessor will visit the business and conduct a series of tests on your systems to establish the level of security in place.
It’s worthwhile finding out which level of Cyber Essentials is required when bidding for projects to ensure you hold the correct one.
If your business needs to be Cyber Essentials certified, don’t leave it to the 11th hour. There may be more involved than you realise.
Key points
- Take some time to understand what Cyber Essentials is.
- View the Cyber Essentials questionnaire here.
- Assess the true level of cyber security in your business.
- Assess whether your business will need Cyber Essentials to keep or win new business.
- If you decide to pursue Cyber Essentials, get some expert advice to help complete the questionnaire.
If you need help achieving Cyber Essentials or Cyber Essentials Plus call us on 01908 410041 or send us an email.
Further Reading;
