From 1 April 2020 changes have taken place to the Cyber Essentials scheme. First introduced in June 2014, the scheme was designed following UK government concern that organisations were generally not doing enough to protect themselves against low level, low sophistication internet based cyber attacks.
From today, IASME officially became the sole National Cyber Security Centre (NCSC) Cyber Essentials Partner. We were the first managed services provider in Guernsey to offer Cyber Essentials certification and partnered at the time with IASME so our clients will not notice any changes.
However, we thought though, at this time of sudden change in the way we are working, it would be good to recap on why you should consider Cyber Essentials for your business and why you should re-certify each year.
Research demonstrats that the majority of cyber breaches happen because businesses have a weakness in one or more of five key areas and these five key areas form the basis of the Cyber Essentials scheme controls.
- access control
- boundary firewalls and internet gateways
- malware protection
- patch management
- secure configuration
which enable even low-skill actors to exploit these vulnerabilities. Properly implementing the Cyber Essentials scheme will protect against the vast majority of common internet threats. Cyber Essentials is an effective scheme that will help protect an organisation against some of the most common cyber threats, such as:
How easy is it to re-certify?
Once you have certified once, it should be much easier to recertify unless you have had major infrastructure changes or your software has gone out of support. The benefits of re-certifying are:
An up-to-date certificate reassures your current and potential clients that you take cyber security seriously
You will only be listed as Cyber Essentials certified on the government website for one year from the date of your certification unless you renew
A requirement in the majority of government tenders and an increasing number of non-government tenders. These tenders often specify that the certificate must have been awarded within the last year.
Having a Cyber Essentials certificate issued within the last year will be taken into account by the ICO in the case of a data breach
The Cyber Insurance which is awarded to all UK SMEs when they achieve Cyber Essentials only lasts for a year and cannot be renewed unless the organisation recertifies to Cyber Essentials
If you'd like to find out more, do get in touch.
In light of the heightened increase in cyber crime during the coronavirus panedemic, please make yourself familiar with the steps you should be taking to work securely from home, as well as make yourself aware of any attempted coronavirus scams. Downloads are available here and here.