In our experience, becoming Cyber Essentials accredited is fuelled by a business's desire to improve its Cyber Security presence. However, it is increasingly a requirement if you wish to tender for work.
When will Cyber Essentials become essential?
Cyber Essentials and Cyber Essentials Plus are mandatory requirements if you are dealing with the public sector. Over the next few years, it is likely to become more commonplace.
Cyber Essentials is a best-practice-driven approach to Cyber Security. It hasn’t been the vital component in winning business in the past, but that is changing, and it is expected to become more of a requirement very soon.
As an IT company, we are asked to complete IT audits and assist with Cyber Essentials accreditation, and it is becoming common for clients to cite a need for certification to be able to win business.
What is Cyber Essentials?
Cyber Essentials is a framework for best practices for Cyber Security and Data Protection. It is a government-backed accreditation that is gaining ground consistently.
Cyber Essentials was launched in 2014. It is a questionnaire designed to follow best practices, and to be accredited you have to complete an online assessment. However, you can view the questions for free, so you can figure out where you are on the journey.
You can find a list of the questions on the site of IASME, who are responsible for managing the accreditation.
A few example questions are:
- Are all operating systems and firmware on your devices supported by a supplier that produces regular fixes for any security problems?
- Are all high-risk or critical security updates for operating systems and firmware installed within 14 days of release?
- Do you have any services enabled that can be accessed externally from your internet router or hardware firewall?
- Do you ensure that staff only have the privileges that they need to do their current job? How do you do this?
- Have you configured your internet routers or hardware firewall devices so that they block all other services from being advertised on the internet?
- Have you changed the default password for all user and administrator accounts on all your laptops, computers, servers, tablets and smartphones to a non-guessable password of 8 characters or more?
- Have you enabled two-factor authentication for access to all administrative accounts?
These are just a few of the questions you need to answer to achieve Cyber Essentials certification. You also have the option of doing Cyber Essentials Plus, which is recommended for businesses that process a higher amount of data and data that is sensitive.
Some organisations will require Cyber Essentials Plus to allow you to work with them.
Why am I being asked for Cyber Essentials by prospects?
I know we said it before, but Cyber Essentials is becoming commonplace, and that is because cybercrime is increasing every year. Businesses have to improve their Cyber Security to prevent data loss. Not doing so could result in large fines or, worse, the end of your business.
You must also make sure any suppliers you deal with are keeping their data safe. Suppliers can often access sensitive information, so it is critical that your suppliers strive to achieve the same level of Cyber Security.
It will be your responsibility if you own the data. You must have a good Cyber Security strategy in place to ensure you protect the data. Please ensure your suppliers are following the best practices too.
Ticking the box is enough, right?
Cyber Essentials Certification lasts a year, but you don’t just complete some check boxes and then wait until the following year to get your accreditation again.
Cyber Essentials requires your IT to be constantly maintained and updated, so having the software and hardware in place to provide ongoing support is essential.
Hamilton Group put things in place to continually update and patch your software as updates become available. Cyber Security is always evolving, and we need to protect against known threats and not just those that were around when you first completed certification.
You can be in breach of GDPR if you fail to maintain your Cyber Security. This can render your Cyber Insurance invalid, you would fail any Cyber Essentials re-accreditation, and the likelihood is you would lose customers if you had a cyber breach.
Is Cyber Essentials hard?
If your current Cyber Security processes take a proactive approach, then it could be a tick-box exercise. However, don’t be tempted to lie to pass certification.
Your IT systems could easily be compromised and, even if you win business, the potential future costs if your data or your client’s data is compromised just wouldn’t be worth it.
Most businesses that think they are on track with their Cyber Security have often done only the bare minimum. Cyber Essentials can be completed by anybody, but it takes the right understanding of IT Security, which is why you should hire a Cyber Security expert like Hamilton Group.
Online “experts” who offer to get you passed for next to nothing are not necessarily experts; typically they lie and bend the truth.
Setting an appropriate IT budget to maintain your IT network is essential.
Can I just do it myself?
Yes, you could, but that is really only possible if you have knowledge of your IT network and the time to implement it. We do recommend speaking to a professional like Hamilton Group.
You can see the details on the IASME site at https://iasme.co.uk/cyber-essentials/ and check out the self-assessment questionnaire, which explains the process and the questions to answer.
How long does it take?
It is possible to complete Cyber Essentials within a week to a month, depending on the current state of Cyber Security in your business.
What do I do to get started?
If you want help with your Cyber Essentials accreditation, we can carry out an IT audit on your systems and find out your current position.
We understand there will be gaps to close before you can achieve certification, but we can help set up a plan to fix any issues you have.
Complete our form below or call us on 01423 438953 and know that we can get you secure.