The cyber essentials certification process assesses a set of controls that provide basic cyber security for all types of organisations. Cyber essentials involves a self-assessment questionnaire covering these controls, checking that each of them is present and functional, to verify that they protect the organisation and its cyber security system.
Data is a business’s most precious and greatest asset. Without data, a business simply cannot function and continue operating as normal, which causes disruption that can lead to a potential loss of profit. While the majority of businesses do worry about cyber attacks and the potential impact they could have, 60% of small businesses do not have a cyber security policy in place (CISO Mag).
Cyber essentials checks for any potential vulnerabilities that may be present in a business’s IT infrastructure. It also provides clear and insightful guidance on the basic network security checklist that your business should be meeting in order to minimise cyber security threat risks.
The cyber essentials self-assessment questionnaire requires organisations to pass in 5 different areas of their IT setup: firewalls, secure configuration, malware management, patch management and user access controls. You must ensure that your business covers each of these areas successfully, without any gaps, to gain your cyber essentials certification.
If it is your first time applying for the cyber essentials certification, you are likely wondering what types of questions you may need to prepare for.
We have listed 5 IASME Cyber Essentials questionnaire examples:
To view more question examples, view the self-assessment pdf here.
We find that many businesses are unsure of how much depth they need to go into when answering the self-assessment questions.
To give you some guidance, we have listed a few IASME answer examples below:
Our organisation is protected by XX. An outsourced company, XX, installed and maintains this for us.
Our organisation uses an outsourced IT company that regularly changes our passwords to ones with at least 15 characters, made up of upper and lower case letters, special characters and numbers.
To view more answer examples, you can view the cyber essentials guidance booklet here.
Network security consists of a set of processes and configurations adopted to protect the integrity and anonymity of your network and data. This also relates to hardware and software. The overall aim of network security is to reduce the risk of data loss, theft or exploitation by cyber hackers and other unauthorised parties.
With the rise of remote and hybrid working, network security has become even more important for businesses to implement, manage and oversee. Most homes do not have adequately secure internet connections, and many cyber attackers use this to their advantage.
To help safeguard your business and protect employees who are working outside of the office, we have put together a simple network security checklist for you to follow:
You will notice that most of the above network security checklist items directly overlap with the cyber security essentials requirements. Cyber attackers will attempt to breach your IT infrastructure from many different angles, including through your network. Therefore, it is crucial to ensure that your data is well protected, backed up and stored in various locations to ensure that if the worst-case scenario were to occur, your business can efficiently resume with minimal disruption.
Information security, occasionally referred to as InfoSec, refers to clear methodologies and practices that aim to protect confidential business information from unauthorised access. The goal is to ensure that critical data, such as a customer’s financial details, is not accessed, modified or destroyed by an unauthorised individual.
As with network security, you will notice that the information security requirements checklist covers similar areas and processes:
Once you pass and gain your cyber essentials certification, your organisation can then apply for cyber essentials plus accreditation.
Cyber essentials plus is also a UK government-backed scheme that is designed to further assess how protected businesses are from basic cyber security risks. The main difference is that cyber essentials plus acts as a way of enhancing and maintaining your cyber hygiene across your IT infrastructure.
The National Cyber Security Centre (NCSC) highly recommends that all businesses consider undergoing a cyber essentials accreditation process. It is also a great way of understanding how secure your business really is.
To gain your certification you will need to pass all of the Cyber Essentials Plus requirements.
We have listed a few processes that you may be tested on as part of your cyber essentials plus certification:
Although cyber essentials and cyber essentials plus are both independently verified, your business should consider undergoing a pre-assessment through a verified certification body. Solutions4IT can help your business assess its current cyber security, identify any vulnerabilities and pass its cyber essentials assessments. Learn more here.