Strengthen your cyber security
19 January 2018
As cyber-attacks become ever more persistent, and cyber criminals become more sophisticated, companies are more vulnerable than ever to harmful malware and other online threats. With high-profile cases often dominating the media, it is no longer enough for companies to simply claim they are proficient at dealing with incoming attacks. Instead, according to Quiss Technology commercial services manager Matt Rhodes, they must prove it.
Businesses are adopting much stricter vetting processes when it comes to selecting a partner or supplier, so companies are beginning to seek Cyber Essentials Plus certification to assure new and existing clients of their credentials.
A seal of approval
There are currently two different certifications available to businesses – the standard Cyber Essentials and the Cyber Essentials Plus.
Cyber Essentials represents the most basic level of cyber security, and requires organisations to complete a short questionnaire regarding their current security controls. This basic level of certification does not provide assurance that systems are effectively configured to defend against more sophisticated or persistent attacks.
Cyber Essentials Plus, however, requires an organisation to undergo a more thorough assessment, based on internal security assessments of end-user devices.
Using a range of specialist tools and techniques, the Cyber Essentials Plus assessment directly tests that individual controls have been implemented correctly, and recreates various attack scenarios to determine effectiveness.
The Cyber Essentials Plus certification requires your organisation to have five technical controls in place, including:
- Boundary firewalls - these devices are designed to prevent unauthorised access to or from private networks, but require good setup to achieve maximum effectiveness;
- Secure configuration - ensuring systems are configured securely to suit the requirements of an organisation;
- Access control - only allowing those with authority to have access to systems;
- Malware protection - ensuring the most up-to-date virus and malware protection has been installed;
- Patch management - ensuring the latest supported version of applications is used and all the necessary patches have been applied.
Staying vigilant – remaining protected
For those businesses who are serious about improving their online security, Cyber Essentials Plus is really the only option worth considering.
The Cyber Essentials Plus scheme provides a well-defined standard that is suitable for organisations across all sectors, including charities, schools, universities and local authorities.
While the standard Cyber Essentials certification is a necessary starting point, Cyber Essentials Plus can provide companies with greater assurance that their security is up to scratch, and capable of dealing with incoming threats.
Cyber Essentials Plus and the procurement process
Since 2014, Cyber Essentials Plus has been a mandatory requirement when applying for government contracts, and it looks as though we are transitioning to a point where businesses must hold a badge to be considered for most public-sector work.
Cyber Essentials Plus offers procuring organisations greater levels of assurance that required controls and checks are indeed in place.
If your company is serious about achieving Cyber Essentials Plus status, the first step is to visit the official www.cyberaware.gov.uk website, and select one of the official accreditation bodies listed.
Once you have received Cyber Essentials certification, you will then need to start the Cyber Essentials Plus compliance process by introducing the appropriate controls to your system.
When looking for support to help you achieve Cyber Essentials Plus, it is important you contact an IT specialist with plenty of experience helping clients achieve compliance.
While Cyber Essentials Plus can give you a competitive advantage and help you secure new business, achieving the badge should only be the start of your ongoing commitment to improving cyber security.
There are much more sophisticated assessments available to businesses, including Penetration Testing and Simulated Targeted Attack and Response, which assesses specialist business functions with a market or country influence.
If you think your organisation could benefit from these additional levels of assessment, then contact an IT specialist and achieve total security for your business and clients.