What Is The Difference Between Cyber Essentials & Cyber Essentials Plus?
Cyber Essentials is a government-backed scheme created by the National Cyber Security Centre (NCSC). The certification is used as a set of guidelines to increase your business's defence against attacks. Therefore, UK businesses must ensure they protect themselves and their data from cyber-criminals. To do this, the certification has been created, and it proves that a business has taken the necessary precautions to make itself safe from cyber-crime.
Due to the extreme rise we have seen in cyber-attacks in the last year, more and more UK businesses have now started the transition to becoming Cyber Essentials certified. But what is Cyber Essentials Plus? And what is the difference between the two?
Let’s have a look at the two certifications, how you get them and why they matter, right here.
What Is Cyber Essentials?
Cyber Essentials (CE) is a certification which shows that your business has taken the appropriate security measures to protect your company, your employees and your data. To gain the certification, an assessment must be completed which goes through all the technology and cyber security measures you have implemented.
The assessment includes everything from network, device and software security, all the way down to internal training and policies. Gaining the certification proves that your business has taken the right precautions to protect the organisation and operate securely. Ultimately, it allows businesses to have peace of mind, knowing that their defences will protect the business against cyber attacks. As this certification has been introduced in the UK, we see that cyber criminals are now looking for targets which do not have the Cyber Essentials certification.
The technical knowledge required for the assessment of Cyber Essentials is high. Therefore, most businesses will choose to obtain the certification through a managed services provider. Depending on the cyber security your business already has in place, we find that many organisations can obtain the certification within 7-10 days. Before the assessment can be filled out, it takes extensive research of the technology your organisation has in place, along with the devices you have and use. On the bright side, we find that most of our customers already meet 60-80% of the requirements before we even start the process! Ultimately, this will make the process easier, faster and require less investment.
What is Cyber Essentials Plus?
Cyber Essentials Plus (CE Plus) is an extended version of the standard Cyber Essentials certification. It also consists of the same assessment process as CE standard. The difference between the two certifications is that CE Plus will be inspected and verified by a government-approved third party.
To verify your answers, a government authorised body will log into your business network and systems. After gaining access, they will check that the appropriate security measures are in place. These tests ensure that your business is safe and that it can protect its data and networks.
Obtaining the Cyber Essentials Plus certification usually takes between 14 and 21 days from when we start the process. Again, this time frame is based on the thorough research that needs to be done on your business networks, devices and software. This includes the exact number of devices that have access to your company’s data. Finally, a government authorised body will visit your organisation on site, to perform security vulnerability checks based on the answers provided in the assessment.
What Is The Difference Between Cyber Essentials And Cyber Essentials Plus?
The two certifications are very similar, but they do carry one major difference: the third-party verification. Depending on your reason for obtaining the certification, there are several benefits from upgrading to Cyber Essentials Plus. It has become common practice to need the certification when applying for government contracts, large tenders or even business bank loans!
For some, Cyber Essentials will be sufficient; for others, Cyber Essentials Plus is now a requirement. In the UK, we only expect this to become even more common in the future.
Finally, no matter what certification you obtain, it will be listed on a government website. It provides partners, investors and customers peace of mind, and will be updated immediately when a business obtains a new level of certification. Do you want to check the certification of a business? They will be listed right here!
Why Become Certified Through A Managed Service Provider?
The Cyber Essentials assessment can be extremely complicated for many, and technical knowledge is required. Therefore, many will choose to go through the process with a Managed Services Provider.
But with the service comes many benefits!
First of all, you’ll have the opportunity to make it into a monthly service. The service will include monthly health checks of your cyber security, the only way to make sure your business is always protected. This is beneficial because a business setup often changes within the 12 months before the Cyber Essentials certification has to be renewed. Were you to add a new router or device a few months after passing the certification, without completing the necessary measures, your business would once again be unprotected.
By having a monthly health check, you will always know the security status of your business. It is a great way to keep track of your cyber security, and it will give you and any partners extra peace of mind.
But what other benefits are there to becoming certified? And why should businesses go for it?
Why Should Businesses Become Certified?
With the rise we have seen in cyber crime over the last year, any business should become certified to make sure their business can stay safe.
Having a Cyber Essentials certification shows what protection your business has put into place to take an active stance against cyber-crime. Businesses can make their customers, competitors and investors aware that they have taken the correct steps to defend themselves against cyber-attacks. This will give all partners peace of mind when initiating new business relationships.
But what other benefits are there? Let’s cover some of them here:
- Having control and understanding your business’s current security setup
- Increased credibility and reputation
- Clarity that your business is cyber secure
- Creating a safe space for your business and employees to operate
- Drawing in new business opportunities
- Free cyber insurance up to 25k
- More eligible to gain government contracts and tenders
If you are applying for government contracts, you will be required to be Cyber Essentials certified. Additionally, we find that it is also common practice when applying for large tenders. Ultimately, it is becoming more difficult for businesses to operate and grow without the certification.
The Five Technical Controls
To obtain the certifications, businesses must complete an assessment, covering the security measures they have in place.
They are known as the Five Technical Controls. Let’s go through them!
Firewalls
Firewalls protect your business against unknown network traffic. They are one of the most effective technologies we have, and any business needs to have a sufficient one in order to pass the certification. The most common attacks we see happen online. Having an appropriate firewall in place can and will stop most of these attacks. With a good firewall, you will protect not only your business, but also your employees, by providing them with a cyber safe environment.
Secure Configuration
Misconfigurations are easily exploitable by cyber criminals and they will therefore pose a threat to your business. Through having a secure configuration setup and policies, your business can reduce vulnerability and maintain safety.
User Access Control
User access controls are vital to any business’s cyber security. Ultimately, they allow your business to control who can access which data. As a result, they prevent unauthorised users from exposing sensitive data and can reduce the attack surface of your business. Without user access controls, your business’s applications, licences, and data could be exposed. Multi-factor Authentication (MFA) is a part of user access control. It adds an extra layer of security to your passwords. Should anyone ever get access to one of your users’ passwords, they would still be denied access without the MFA device. MFA is mostly used via an authentication app on your smartphone, but could also be set up as a phone call.
Patch Management
Patch management makes sure your software is always up to date. Whenever something is unpatched, it increases the risk of cyber attacks. Therefore, it is vital to have a proper patch management solution. This will make sure your devices are always patched when an update is released. This then allows your business to stay on top of software updates and maintain the security of all systems and devices. Un-updated systems will cause vulnerabilities and allow access to hackers. As a result, it leaves your company open to breaches, which then makes the company vulnerable.
Malware Management
Malware management is the defence against malicious attacks. It protects your business when using the internet and also in day-to-day use. It protects businesses from viruses and other unwanted spyware, which can cause damage to data and even gain unauthorised access to your business’s systems.
The Cyber Essentials Certifications are created as a tool to showcase that your business has taken reasonable measures to keep your organisation safe. The certifications enable businesses to present themselves to their customers and investors as a cyber secure business. Over the last years, it has become common practice to ask for a business to be certified when applying for government contracts, tenders or bank loans, something we only expect to see increase in the future.
Do you want to become certified?
As we see cyber crime rise on a daily basis, we are now advising all businesses to achieve the Cyber Essentials Certification. Are you ready to become Cyber Essentials Certified? Leave your details below and one of our team members will be in touch.