It’s all over the news: data breaches are becoming more common and more damaging. There’s a growing need for organisations to invest in cyber security and demonstrate to their clients that they take the issue seriously.
The government knows this. It’s arguably under more scrutiny than most when it comes to data protection, so it mandates that its suppliers have a Cyber Essentials certificate, and the MOD requires its suppliers to have a Cyber Essentials Plus certificate.
What is Cyber Essentials?
Cyber Essentials is a government-backed cyber security certification scheme that sets out a baseline of cyber security. It focuses on threats that require low levels of attacker skill and which are widely available online.
The scheme includes five key controls that when implemented correctly can stop the majority of cyber attacks. Those controls are:
- Secure configuration
- Boundary firewalls and Internet gateways
- Access controls and administrative privilege management
- Patch management
- Malware protection
Cyber Essentials is not only for those that work with the government. In fact, all organisations are encouraged to certify to the scheme, and the government has been actively pushing it in recent months. In March the minister for digital and culture, Matt Hancock, said the number of certified organisations tripled in the past year, proving that Cyber Essentials is “an effective tool which can be built on to achieve greater security in our organisations”.
Benefits of Cyber Essentials
Organisations that certify to the Cyber Essentials scheme will be able to:
- Demonstrate their security to clients, insurers, investors and other interested parties.
- Increase their opportunities, having an advantage in the private sector and the necessary qualifications to bid for government contracts.
- Save money, because insurance agencies look favourably on organisations with Cyber Essentials.
The Cyber Essentials scheme will also help organisations address other compliance requirements such as those of the EU General Data Protection Regulation (GDPR).
If you want these benefits, you should consider certifying to the Cyber Essentials scheme with IT Governance. We are the leading CREST-accredited certification body, having awarded hundreds of certifications since the scheme began.