Cyber Essentials is the scheme developed by the National Cyber Security Centre (NCSC), the cyber security agency of UK government, to define, promote and assess good security practices. Cyber Essentials looks at security ‘controls’ in five key areas:
- Secure configuration
- User access control
- Malware protection
- Patch management
What this means to you
It is estimated that proper implementation of the controls set out in Cyber Essentials will protect a business from around 80% of common cyber attacks, so there’s a good reason to look into it. What’s more, it shows customers, suppliers and others that you’re serious about security, and can provide a competitive advantage and enhance your reputation.
Financially, though it does cost money to get Cyber Essentials certification, a UK government survey in 2019 found the average cost to micro and small businesses of attacks where data was lost was £3,650, so taking steps to improve cyber security may be a good business decision.
Why we are good
It can be beneficial to separate IT operations and cyber security work, in some cases. There can be conflict between managing the performance and usability of IT and ensuring the ongoing security of it. However, whilst this separation is theoretically good for hygiene reasons, in reality the downside for most organisations outweighs it: it costs more to engage two different services and work streams.
Our approach is to bring IT operations and cyber security together, and in doing so improve affordability for clients. Our close connections with Thompson Jenner and their financial audit services help us do this with attention to processes to help maintain objectivity and independence.
What we can do
We can support your preparation for Cyber Essentials, including helping with all the technical details and evidence to support your submission. We also work with a partner who can undertake the additional verification required for Cyber Essentials Plus.