We know getting Cyber Essentials certified can be a complicated process. At OmniCyber Security, we provide you with support throughout your assessment, and to that end, our Cyber Essentials FAQs should answer any big questions you have. If there’s anything we haven’t covered here, don’t hesitate to contact us and our expert team will be only too happy to help.
Cyber Essentials FAQs:
- What is Cyber Essentials?
- Why is Cyber Essentials important?
- What are the five key controls covered by Cyber Essentials?
- Who can apply for Cyber Essentials certification?
- What is the difference between Cyber Essentials and Cyber Essentials Plus?
- How do I prepare for Cyber Essentials certification?
- Who can provide Cyber Essentials certification?
- How long does Cyber Essentials certification last?
- What are the benefits of Cyber Essentials certification?
- How much does Cyber Essentials certification cost?
- How do I get certified?
Q: What is Cyber Essentials?
A: Cyber Essentials is a UK government-backed cybersecurity certification scheme that was first launched in 2014. The scheme was developed in response to the growing threat of cyber-attacks and aims to help organisations of all sizes and sectors establish a basic standard of security.
The scheme provides a set of basic security controls that organisations must demonstrate that they have implemented effectively. Once certified, these controls will protect the organisation against the most common cyber attacks. Cyber-attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. Operating in the digital environment, they are essentially someone trying your front door to see if it’s unlocked.
Our Cyber Essentials team will help you to protect your business against these common attacks and demonstrate your commitment to cyber security.
Q: Why is Cyber Essentials important?
A: Cyber-attacks are becoming increasingly common and sophisticated, and organisations of all sizes and sectors are at risk. A successful cyber-attack can have serious consequences for an organisation, including financial loss, reputational damage, and legal and regulatory penalties.
Cyber Essentials certification is important because it helps organisations protect themselves from up to 80% of all cyber attacks by implementing basic security controls. Achieving certification can also help organisations to demonstrate to customers, suppliers, and stakeholders that they take cybersecurity seriously and have taken steps to protect themselves and their data. Additionally, certification can help organisations to meet regulatory requirements and improve their cybersecurity posture. For example, any business hoping to be awarded a UK Government contract must be Cyber Essentials certified.
Q: What are the five key controls covered by Cyber Essentials?
A: The five key controls covered by Cyber Essentials are:
- Firewalls: Organisations must use firewalls and other boundary security devices to protect their internal networks from external threats.
- Secure configuration: Organisations must ensure that their IT systems are configured securely, with any default passwords and settings changed to something more secure.
- User Access Control: Organisations must restrict access to their systems and data to only those who need it, and ensure that unnecessary users are promptly removed.
- Malware Protection: Organisations must use anti-malware software to protect their systems from viruses, worms, and other types of malware.
- Security Update Management: Organisations must ensure that their systems are kept up to date with the latest security patches, to reduce the risk of known vulnerabilities being exploited by attackers.
This is not an exhaustive guide to the requirements. For the full list of everything your organisation needs, see our Cyber Essentials Checklist.
Q: Who can apply for Cyber Essentials certification?
A: Any UK-based organisation of any size and in any sector can apply for Cyber Essentials certification. This includes both public and private sector organisations, as well as charities and not-for-profit organisations.
Q: What is the difference between Cyber Essentials and Cyber Essentials Plus?
A: There are two main flavours of Cyber Essentials certification:
Protection against a wide variety of the most common cyber-attacks. This is important because being vulnerable to basic attacks can mark you out as a target for more in-depth unwanted attention from cyber criminals and others in future.
Certification gives you peace of mind that your defences will protect against up to 80% of cyber-attacks, simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.
Cyber Essentials Plus
Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach and the protections you need to put in place are the same. However, for Cyber Essentials Plus, a hands-on technical verification is carried out.
OmniCyber Security will assist and advise throughout the process to certification, enabling you to familiarise yourself and your teams with cyber security terminology, building enough knowledge to ensure your IT environment is secured. You will also have a clearer picture of your company’s cyber security level.
Q: How do I prepare for Cyber Essentials certification?
A: To prepare for Cyber Essentials certification, organisations should review the five key controls and ensure that they have implemented them appropriately. They should also ensure that all staff are aware of basic cybersecurity best practices, such as not clicking on suspicious links or opening suspicious attachments.
Q: Who can provide Cyber Essentials certification?
A: Cyber Essentials certification can be provided by a number of accredited certification bodies. These companies have been approved by the UK government to assess organisations against the Cyber Essentials standard and issue certification. OmniCyber Security is one of these companies.
Q: How long does Cyber Essentials certification last?
A: Cyber Essentials certification is valid for 12 months. Organisations will need to renew their certificate each year to maintain their Cyber Essentials status.
Q: What are the benefits of Cyber Essentials certification?
A: Cyber Essentials certification can provide a number of benefits, including:
- Helping to demonstrate to customers and stakeholders that an organisation takes cybersecurity seriously.
- Improving an organisation’s cybersecurity posture and reducing the risk of cyber-attacks.
- Providing a competitive advantage when bidding for contracts that require Cyber Essentials certification.
- Helping to meet regulatory requirements for cybersecurity.
Q: How much does Cyber Essentials certification cost?
A: The cost of Cyber Essentials certification varies depending on the certification body used and the size of the organisation being certified. However, it typically ranges from a few hundred to a few thousand pounds. OmniCyber Security lets you spread the cost of the certificate over 12 months, and you can find our pricing for Cyber Essentials and Cyber Essentials Plus at those links.
Q: How do I get certified?
A: If you’ve decided to proceed with Cyber Essentials for your organisation, our Cyber Essentials team partners with the IASME consortium and will help you to get certified. Contact our expert team or visit our Cyber Essentials page for more information.