Keeping Cybersecurity Simple

A step-by-step journey to securing your business

Simple, affordable cybersecurity for SMEs

What are Cyber Essentials?

In 2014 the British Government recognised the enormous risk posed by cyber attack to organisations. They realised that these risks could be avoided by following a set of basic security measures – and in response, launched the Cyber Essentials scheme. This scheme ensures a standard level of cybersecurity across all government suppliers, and has proven to be an extremely effective framework for any organisation that needs to protect its data (that’s all of us). A study by Lancaster University demonstrated that by following the guidelines of Cyber Essentials, organisations could protect against 98.5% of cyberattacks.

CyberSmart – your journey to a safer, more productive business

Ever since the Cyber Essentials scheme launched in 2014, companies have used it, and similar cybersecurity certifications, to showcase their trustworthiness and meet industry regulations. Below, we outline the three most common UK cybersecurity certifications, how to choose the right one for you, and how to get certified.

Solutions for an ever-changing threat!

The cyber threat landscape is constantly changing. With hybrid working now the norm and cybercriminals continually adapting their techniques, it’s no surprise over 50% of SMEs were the target of a cyber breach in 2022.

However, for many SMEs, cybersecurity can feel costly, complicated and confusing, and as a result, many don’t have the protection they need. Here at Greenlight Computers, we want to change that. Working with CyberSmart, our cybersecurity partners, our mission is to ensure every SME has the tools it needs to protect itself easily and effectively.

CyberSmart follows the government-recommended ‘Cyber Essentials’ cybersecurity standards and makes cybersecurity simple and accessible to everyone.

Contact Us for a more in-depth conversation about the benefits of CyberSmart

Cyber Essentials
  • Good for: Any business
  • Key features: Self-assessment, accessible to all businesses
  • Certification requirements: Basic

We recommend Cyber Essentials if…

  • you’re an SME that wants to protect its digital assets from cybercrime
  • you’re looking to achieve certification to get on the public register
  • you want to win new business by displaying your cyber credentials

But, if you want to show your clients that you have robust cybersecurity procedures, you need verification from an independent expert. For that, you need Cyber Essentials Plus.

Your first level of certification

The Cyber Essentials scheme is a UK cybersecurity certification that outlines the security procedures a company should have in place to secure their data. Cyber Essentials is highly recommended for SMEs because this certification protects you against 98.5% of the most common cyber threats.

This certification covers:

  • Firewalls
  • Access control
  • Internet gateways
  • Malware protection
  • Secure configuration
  • Patch management

How Cyber Essentials works

To achieve a Cyber Essentials certification, you must complete a self-assessment questionnaire and submit it through an online portal. Once you’ve applied, a certification body assesses and grades the application.

Sample Cyber Essentials certification questions

  • Please list the quantity of servers, virtual servers, and virtual server hosts (hypervisor). You must include the operating system. Please list the quantity of all servers within scope of this assessment. For example: 2 x VMware ESXi 6.7 hosting 8 virtual Windows 2016 servers; 1 x MS Server 2019; 1 x Red Hat Enterprise Linux 8.3
  • Have you configured your boundary firewalls so that they block all other services from being advertised to the internet? By default, most firewalls block all services from inside the network from being accessed from the internet, but you need to check your firewall settings.
  • When a device requires a user to be present, do you set up a locking mechanism on your devices to access the software and services installed? Device locking mechanisms such as biometric, password, or PIN, need to be enabled to prevent unauthorised access to devices accessing organisational data or services.

And that’s really all there is to it. Once certified, your accreditation is valid for 12 months. After 12 months, you must reapply for the certification.

Contact Us for a more in-depth conversation about Cyber Essentials

Working from home

Any devices that home workers use to access organisational information are in scope for Cyber Essentials. Corporate VPNs transfer the boundary to the corporate firewall or virtual cloud firewall. Thin clients come into scope when they connect to company information or services. All smartphones and tablets that connect to a corporate network to access data and services are in scope when connecting via mobile internet (4G or 5G). Users must lock them with biometrics or a minimum password or PIN length of 6 characters.

Software and licenses

All software on in-scope devices must be:

  • Licensed and supported
  • Removed from devices when it becomes unsupported
  • Removed from scope by using a defined ‘sub-set’ that prevents traffic to and from the internet
  • Enabled to update automatically where possible
  • Updated, including applying any manual configurations, within 14 days of a new update

Use separate user accounts to perform administrative activities only. This means that the administrative account is kept away from avoidable risks, such as emailing, web browsing, and similar activities.

Cyber Essentials Plus
  • Good for: Actively growing businesses, industries with higher security requirements
  • Key features: On-site technical audit
  • Certification requirements: Detailed

We recommend Cyber Essentials Plus if…

  • you want a thorough assessment of your cybersecurity measures, plus a certification
  • you work with (or want to work with) high-quality clients and want to show them that data protection is a top priority
  • you work in an industry with higher-than-standard cybersecurity requirements

Businesses with a cybersecurity certification can win more business, making certification a valuable commodity in competitive markets. By showing your commitment to cybersecurity, you can build trust with new customers.

Enhanced level certification

Cyber Essentials Plus has the same simple approach as Cyber Essentials but includes a technical audit of your systems. The controls you need are the same – the audit just makes sure they’re in place.

The audit element of the Cyber Essentials Plus certification requires some more effort, but it offers you the peace of mind that your new protections work effectively.

How Cyber Essentials Plus works

  • The online assessment is the same as the Cyber Essentials certification
  • If you have Cyber Essentials already, you must complete your Plus audit within 3 months of your last certification
  • New applicants can complete their online certification as part of Cyber Essentials Plus
  • Auditors typically review your head office and some of your other offices to carry out the tests on a random sample of your systems
  • Many auditors offer remote audits
  • Accredited businesses are certified for 12 months

Contact Us for a more in-depth conversation about Cyber Essentials

Compliance made easy

How to take your cybersecurity certifications further

The best way to go the 360° protection route is to choose one certification to implement first and then transition to the other. Don’t make the mistake of trying to do everything at once! If you want to cover all bases, you can work towards both the ISO 27001 and Cyber Essentials. Just because you’re ISO 27001 certified, it doesn’t mean that you’re Cyber Essentials compliant or vice versa. Being certified in both is an excellent way to ensure 360° protection, but it requires considerable investment.

For most businesses, we recommend starting with Cyber Essentials because it’s a self-serve option, making it a simple way to start your cybersecurity journey. ISO 27001 requires a bigger up-front investment because you must move from general security management procedures to documented and audited cybersecurity processes.

Navigate cybersecurity compliance with CyberSmart

Adapting to ever-changing cybersecurity standards is both a challenge and an opportunity. The Cyber Essentials scheme is a chance to highlight your company’s commitment to protecting client data. At CyberSmart, we’ve helped many clients achieve Cyber Essentials and Cyber Essentials Plus certifications.

We offer all the guidance you need to pass your certification – with tips and live support that mean you’ll answer the questions correctly the first time. If your business is a bit more complex and you need to supply additional info, there’s no charge for resubmissions. With CyberSmart, you can be certified in as little as 24 hours, and our easy-to-use dashboard makes managing the whole process simple.

If you’re ready to begin your cyber security journey, get in touch today.
