Cyber Essentials is a scheme created by the UK Government in June 2014, with the primary aim of encouraging businesses of all sizes to review their IT security and adopt best practices quickly and cost effectively. We have spent quite a bit of time asssisting businesses in securing Cyber Essentials certification, so we know a thing or two about how it works. I answer a bunch of our FAQs here...
What does it do for me?
Essentially, it’s a box ticking exercise, and by ticking the boxes, you are ensuring your organisation has the most fundamental IT security controls in place. Remember, it’s the fundamentals that are often neglected, and most regularly taken advantage of if left alone.
I only have a small business, is it overkill for me?
Not at all – Cyber Essentials was designed with you in mind. It’s the smaller businesses who can’t afford in-house IT security teams to maintain the level of security larger organisations can. This makes you an easier target – so Cyber Essentials is ideal.
We have internal IT staff; don’t they take care of this?
Internal IT teams might maintain your IT security, but by certifying with Cyber Essentials, you are proving to your customers, partners and suppliers that you do! It’s a nationally recognised standard for best practice and shows the world you take this seriously.
It sounds great, but we’ve never really been hacked, is this certification necessary?
It’s almost impossible now to find an organisation that hasn’t had some kind or IT security incident. Would you know about it if you had? You could go for years without a break-in at home, even if you left your house unlocked, but it’s not something you’d do!
What do we have to do to get certified?
It’s actually pretty simple. First, you find an accreditation body that you feel fits with your business – the list can be found here. You then work with them to verify that you meet the standards set by Cyber Essentials. Finally, you complete the questionnaire, have your answers verified and you’re done!
I don’t have time for this, can you help?
If you outsource your IT services to service provider like Resolve, they will be able to take your organisation through the process from start to finish. Otherwise, you would need your internal IT staff to manage this process. We work with both internal IT teams and organisational executives alike, get in touch if you’d like to chat to us. Our support customers have access to the Managed Cyber Security Service which essentially means our technical specialists take care of their cyber security from start to finish. More details on that here: https://resolve.co.uk/blog/article/cyber-security-managed-by-resolve.