Cyber Essentials Plus Certified

You may have noticed a little blue logo on the bottom of our website, some of our documents and materials. This is the Cyber Essentials Plus logo and it’s part of our commitment to make sure that we follow industry best practice when it comes to cyber security.

The safety and security of the websites and software applications we develop for our clients is of utmost importance to us. No matter how big the clients, whether start-up or international organisation, we take the same dedicated safe pair of hands approach so that our clients can trust that we are keeping their data and their customer’s data as safe as possible.

What is Cyber Essentials?

The Cyber Essentials Scheme is a government-backed, industry-supported initiative that helps organisations ensure that they are protected against a wide range of the most common cyber-attacks. These attacks can come in many different forms, from a wide variety of different sources; the Cyber Essentials scheme helps make sure that you can defend against the vast majority of these.

What’s the difference between Cyber Essentials and Cyber Essentials Plus?

There are two levels of certification, Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials is an entry level self-assessment option that is designed to give organisations protection against the most common cyber-attacks. This is important because leaving yourself open to basic attacks can make you a target for further unwanted attention and more sophisticated attacks.

The questions fall into the following key areas:

• Boundary Firewalls and Internet Gateways
• Secure Configuration
• Device Locking
• Security update management
• User Access Control
• Administrative Accounts
• Password-Based Authentication
• Malware protection

The Cyber Essentials Plus certification is a step up and is more comprehensive. Also, it is verified by an external assessor who tests and verifies that you have the correct technical controls in place.

There are 5 key technical controls:

Test Case 1: Remote vulnerability assessment – to test whether an Internet-based opportunist attacker can hack into a system with typical low-skill methods.

Test Case 2: Check patching, by authenticated vulnerability scan of devices – to identify missing patches and security updates that leave vulnerabilities that threats could easily exploit.

Test Case 3: Check malware protection on EUDs – to check that all of the EUDs in scope benefit from at least a basic level of malware protection.

Test Case 4: Check effectiveness of EUD defences against malware delivered by email – to test whether or not EUDs are protected against malware that is delivered via email attachments.

Test Case 5: Check EUD defences against malware delivered through a website – to test whether or not EUDs have protection from malware delivered through a website.

Our annual testing and certification is carried out by Martin Hart at Cyber Shelter.

Why is it important?

Cyber Essentials helps us guard against the most common cyber threats and attacks and demonstrates a high level of commitment to cyber security.

Getting certified means that we have a proven, clear understanding of our cyber security level and commit to keep it under regular review. Cyber Essentials Plus is checked and confirmed annually by an accredited external testing company.

Many organisations, especially government organisations, may require suppliers to demonstrate a commitment to cyber security before working with them. As an officially recognised scheme, Cyber Essentials is an ideal way of showing our commitment to cyber security.

Can anyone get certified?

Yes, if you want to make sure the digital side of your business is secure then Cyber Essentials is government backed and one of the best ways to safeguard against cyber-attack.

The National Cyber Security Centre work with their partner the IASME consortium who have a 12-step questionnaire to help you understand how ready you are to go for certification