Cyber Essentials is a government-backed cyber security scheme designed in collaboration with the NCSC (National Cyber Security Centre).
It was launched in 2014, setting out baseline technical controls that were predicted to protect organisations from 80% of cyber attacks.
Today, the scheme has two tiers: Cyber Essentials and Cyber Essentials Plus.
Completing them provides you with a certificate, but most importantly, goes to lengths to protect your business from common weaknesses – the kind that threat actors look to exploit.
Cyber attacks can be devastating for all businesses resulting in business downtime, financial or data loss and a severely tarnished reputation. This is particularly important to professional services that hold client data. The Cyber Essentials certification is an excellent step to help ensure business cyber security.
As a company that has recently renewed our Cyber Essentials Plus certification, Hive Communications is here to guide you through the differences and benefits of each tier.
Cyber Essentials
The first level, Cyber Essentials, is achieved through a self-assessment questionnaire.
Your organisation must confirm that it has implemented the following five basic technical controls:
- Firewalls and internet gateways
- Secure configuration
- User access control
- Malware protection
- Patch management
Implementing these controls will protect your organisation against a variety of the most common (and often impactful) cyber attacks.
Cyber Essentials Plus: The Higher Standard
Cyber Essentials Plus takes your cyber resilience to the next level. While the technical controls are the same as the basic level, Cyber Essentials Plus involves a more rigorous assessment process.
An independent certification body will conduct hands-on technical verification to implement the controls correctly.
The assessor will perform various tests, such as:
- External vulnerability scans to check for vulnerabilities that an opportunistic attacker could exploit
- Authenticated scans to verify that all devices are patched against critical and high-risk vulnerabilities within 14 days of patch release
- Checks to ensure all devices have at least basic malware protection
- Tests to confirm that cloud services prompt for multi-factor authentication (MFA) before granting access
- Attempts to run administrative processes while logged in as a standard user to verify effective account separation
Hive Communications can guide you on these steps and other aspects of the process.
How Hive Communications Can Help
As a Cyber Essentials Plus certified company, Hive Communications has the expertise to help you achieve certification at either level. Our services include:
- Assessing your current cyber security posture against the latest requirements
- Guiding in implementing the necessary technical controls
- Conducting sample testing to ensure you’re ready for the official assessment
- Offering ongoing support to help you maintain your certification year after year
We understand that every organisation has unique needs, so we tailor our approach to align with your specific circumstances.
We aim to make the certification process as smooth and efficient as possible.
This fact-finding mission also serves as an excellent step for your business to level up its security and avoid becoming one of the thousands of small businesses targeted by hackers every year in the UK alone.
Get Cyber Essentials Certified
Whether you’re aiming for Cyber Essentials or Cyber Essentials Plus, taking proactive steps to enhance your cyber resilience is crucial.
Contact Hive Communications today to learn more about how we can help you achieve your certification goals and protect your organisation from cyber threats.
With the right partner in Hive Communications, you can demonstrate your dedication to security and build trust with your customers and stakeholders.