If you are reading this blog post, you’re probably aware of the government-launched and industry-backed Cyber Essentials scheme and are thinking about certification.
Providing a set of five controls that organisations can implement to establish a baseline of cyber security, Cyber Essentials is more relevant than ever.
Cyber risks are everywhere
User-targeted cyber attacks are showing no signs of slowing down. On the contrary, they are becoming not only more frequent, but also more sophisticated and harder to recognise. For example, unique malvertisements (malware masquerading as advertising) have increased 80% during the first half of 2015 (450,000) compared with the entirety of 2014 (250,000), according to RiskIQ figures released at Black Hat USA 2015.
Business and consumer dependence on software makes matters worse. Software applications are subject to vulnerabilities that are easily exploited by cyber criminals. As we recently reported, WordPress’s 23% market penetration poses a serious threat to many – last year alone, 24 WordPress vulnerabilities were exposed.
Cyber Essentials helps address the weaknesses above, as well as many other common weaknesses and vulnerabilities, and makes your organisation more secure, while giving you the opportunity to achieve certification to prove your credentials.
IT Governance has been a CREST-accredited certification body for the Cyber Essentials scheme since its launch in June 2014. Our experience has taught us that organisations have different approaches to certification, but once they have implemented the required controls and are ready to submit their self-assessment questionnaire, they want to do it as swiftly and as cost-effectively as possible.
This prompted us to be innovative with our certification process, too, so we developed CyberComply, a unique online platform that enables clients to apply for certification online, saving time and money.
The platform provides detailed guidance on completing the questionnaire and defining the scope, in addition to the ability to schedule the external vulnerability scans mandated by CREST, as well as site visits for certification to Cyber Essentials Plus, making the process easy and pain-free.
CyberComply lets the applicant take remedial actions to correctly implement the five Cyber Essentials controls before finalising the questionnaire and submitting the application to IT Governance. Companies seeking further assistance are able to make use of the Live Online service offered by IT Governance, which can be purchased via the CyberComply portal itself.
Customers seeking Cyber Essentials Plus certification can also schedule an internal site assessment with an assessor via the platform, and provide details of all Internet-connected devices prior to the assessor’s visit.
In-line text clearly explains what is required at every stage, and a status bar indicates exactly how the certification process is progressing.
If their application is successful, applicants will receive their certificate, testifying that their organisation meets the requirements of Cyber Essentials or Cyber Essentials Plus, as outlined by the Cyber Essentials scheme accreditation body, CREST.
Find out more about how CyberComply works.
Applying for certification
Customers applying for certification from IT Governance will be directed to the CyberComply secure portal when they book the service online.
Don’t delay, apply now!