You may be familiar with the Cyber Essentials scheme or at least seen logos like the below in the footer of websites. More and more businesses are becoming Cyber Essentials Certified but did you know this just shows you have the minimum level of protection? In this post we look at why Cyber Essentials Basic, isn’t really enough and your business needs Cyber Essentials Plus.
What is Cyber Essentials?
Cyber Essentials is a self-assessed scheme that demonstrates that your business has a number of cyber security measures in place. Being Cyber Essentials certified is a requirement for some Government contracts but it also reassures your customers that you are working to secure your IT.
What’s the process?
Our Technical Team work through the Cyber Essentials questionnaire, assessing areas that your business is lacking when it comes to cyber security and implementing solutions to enhance protection. Once your business meets all the requirements of the questionnaire you are awarded your certification.
But if you’re serious about security, Cyber Essentials basic isn’t enough..
Cyber Essentials Plus
Cyber Essentials Plus is the next level in demonstrating how secure your business is. In addition to the self-assessment required for the basic Cyber Essentials certification there is also an audit of your system carried out by a third party assessor to highlight any weak points.
The audit includes extensive testing of your IT security including (but not limited to):
- Penetration testing (sometimes referred to as ethical hacking) – simulating a cyberattack to try and break through your firewall
- Vulnerability scan of devices to look for vulnerabilities relating to unpatched software
- Testing Email Client defences and Internet Browser defences by seeing if malware files are blocked on download from either an email or internet page
- Testing for Two-Factor Authentication – ensuring this is set up to access cloud services such as Microsoft 365
Think of it like this, you get a new front door that is supposed to prevent break ins with complex locks and super strong material, so to test it you get someone to do whatever they can to break in. If they’re unsuccessful you can feel very confident that you’re protected against threats. And if they do get through, then you can put in the appropriate measures to provide better protection. This is the same for the Cyber Essentials Plus certification.
Which one will you choose?
As we’ve made clear in this post, the Cyber Essentials Plus certification really is the best way to get full confidence in the security of your IT. At WestSpring IT we’ve helped over 40% of our clients from a range of industries, gain Cyber Essentials Plus, so our Technical Team really know what they’re doing. Get in touch with us to find out more about getting Cyber Essentials certified.