One of the best ways to ensure your business or organisation understands its cybersecurity duties is to become Cyber Essentials certified.
The UK government-backed Cyber Essentials scheme is supported by the National Cyber Security Centre and details five basic security controls to protect businesses from 80% of common cyber threats.
The controls are firewalls and routers, malware protection, software updates, secure configuration, and access control.
Organisations of all sizes and in all sectors show their commitment to good cybersecurity by gaining a Cyber Essentials certificate.
How will becoming certified help my business?
It will help you understand what you need to do to become compliant with data protection rules, including those contained in the General Data Protection Regulation, helping you avoid data breaches, potentially costly fines and loss of trust from customers. If there is an investigation by the Information Commissioner’s Office, having this certification shows your commitment to cybersecurity and data protection.
It will help protect your business against common online threats. Most cyber-attacks exploit basic IT security weaknesses. The most common include ransomware, phishing, password guessing, malware, and network attacks. The cost of these attacks can be devastating for businesses in financial and reputational terms.
It will help you win new business. Your potential clients or customers will see that you take online security seriously and that their data will be treated with care. This is particularly important when looking for contracts with UK government departments, the devolved governments of Wales, Scotland, and Northern Ireland, and local authorities. If you’re looking to work with the Ministry of Defence, you will need Cyber Essentials Plus certification. Interestingly, once businesses become certified, they say they are then looking to do business with certified organisations (61%). Once certified, you are listed on NCSC’s website for a year.
It will help spread the importance of cybersecurity among staff. Your workers will understand the online threats your business faces, how they can play their part in avoiding them, and what the potential implications could be for the business. That will help them take this threat seriously.
You’ll audit your systems and discover security weaknesses before the worst happens. Instead of waiting for a problem to happen, the certification process means you’ll audit your own systems and practices and discover if there are weaknesses, giving you the opportunity to improve things before getting a costly bill for dealing with ransomware, for example.
So, how do I get a Cyber Essentials certificate for my business?
Find a company with expert staff who have Accredited Cyber Essentials Practitioner (Advanced) certification, as we do at Pisys.
They will help you audit your systems and discuss what your business needs to do to achieve certification.
Once you’ve carried out any changes needed, you provide answers to a questionnaire and include your evidence, and we submit your application to the certification body. For Cyber Essentials Plus, our certification body will visit your site and test your systems’ vulnerabilities.
Once you pass, you become certified.