Why Re-Certify to Cyber Essentials?
Cyber Essentials is a Government backed certification introduced following their concern that organisations were not putting the basic technical controls in place to protect themselves against the most common internet-based attacks.
The Scheme is referenced in the National Cyber Security Strategy 2016-2021:
The Cyber Essentials scheme was developed to show organisations how to protect themselves against low-level “commodity threat”. It lists five technical controls:
- access control;
- boundary firewalls
- Internet gateways
- malware protection
- patch management
- secure configuration
Organisations should have all the above controls in place.
The vast majority of cyber attacks use relatively simple methods which exploit basic vulnerabilities in software and computer systems. There are tools and techniques openly available on the Internet which enable even low-skill actors to exploit these vulnerabilities. Properly implementing the Cyber Essentials scheme will protect against the vast majority of common internet threats.
Cyber Essentials is a simple yet effective scheme that will help protect an organisation against some of the most common cyber threats, such as:
- Phishing attacks
- Password guessing
- Network attacks
Cyber Essentials is a flexible certification that is applicable to organisations of all sizes and all sectors.
Cyber Essentials reassures you current and potential clients that you take cyber security seriously.
Cyber Essentials is mandated, or actively encouraged, across an increasing number of government and private sector contracts. For MoD contracts, it is required throughout the supply chain.
The Information Commissioner’s Office recognises the Cyber Essentials scheme and its ability to provide certain security assurances and help protect personal data in an organisation’s IT system. ‘Get in line with Cyber Essentials’ is a section in the ICO’s ‘A practical guide to IT security’ publication.
Cyber Essentials is encouraged by regulators such as the Financial Conduct Authority, ‘Gaining (a certification), such as Cyber Essentials, could improve the security of your firm.’
Cyber Liability insurance included for organisations under £20m, achieving verified self-assessed certification covering the whole of their organisation.
Why should you re-certify?
- Once you have certified once, it should be much easier to recertify unless you have had major infrastructure changes or your software has gone out of support.
- An up-to-date certificate reassures your current and potential clients that you take cyber security seriously.
- You will only be listed as Cyber Essentials certified on the government website for one year from the date of your certification unless you renew.
- A requirement in the majority of government tenders and an increasing number of non-government tenders. These tenders often specify that the certificate must have been awarded within the last year.
- Having a Cyber Essentials certificate issued within the last year will be taken into account by the ICO in the case of a data breach.
- The Cyber Insurance which is awarded to all UK SMEs when they achieve Cyber Essentials only lasts for a year and cannot be renewed unless the organisation recertifies to Cyber Essentials.
To apply or re-apply for your Cyber Essentials Certification, please click the button below.