The Cyber Essentials Scheme was created and developed by both the government and the industry.
It was created to give organisations a clear outline on how they can reduce the risk for common internet threats. The government produced ‘10 Steps to Cyber Security’ in 2012 as a guide for organisations to better protect themselves in cyberspace. The guide gives an understanding of the cyberspace environment, what a cyber-attack is and ten steps to establish an effective organisation risk management.
The government suggests these ten steps can help organisations significantly reduce their vulnerability. It defines a set of controls which when properly executed are cost effective, and gives basic protection against a variety of threats.
Consequently, the government then launched the Cyber Essentials Scheme after a review revealed that the industry was keen to develop a scheme to meet the cyber essentials requirements.
The Cyber Essentials Scheme focuses on five key points in order to meet the scheme requirements and places these into stages. These stages consist of:
- Company undertake self-assessment of systems in place that meet the Cyber Essentials features.
- The self-assessment is independently verified.
- The scheme becomes a part of the organisations approach to risk management to prevent cyber-attacks.
Five Key Points
1. Firewalls & Gateways
Firewalls and gateways provide a level of protection when someone uses the internet. They help to keep attacks and threats from getting into the system. It also monitors network traffic with the ability to identify potential threats and block them from the system.
2. Secure Configuration
The use of web servers and application servers are vital in the role of cyber security, and so computers and network devices need to be properly configured to reduce the risk of potential threats.
3. Access Control
One of the key points is the proper control of users and their access to the system or network to prevent misuse.
Accounts with special access, such as an administrator, should only be given to authorised users.
4. Malware Protection
Protection should cover a range of malware, this includes viruses, worms, spyware and ransomware. The protection should also include virus removal to protect the computer and any documents.
Anti-malware software will protect the computer from being exposed to malicious content. Such as vicious attacks on trusted/ regular websites as it’s very effective for unsuspecting internet users.
5. Patch Management
All software is susceptible to technical difficulties. By keeping the software up to date and properly patched, this will help maintain keeping cyber-attacks to a minimum.
Cyber Essentials Schemes
When considering the Cyber Essentials, there are two schemes. Cyber Essentials and Cyber Essentials Plus each have three packages within the two schemes.
Cyber Essentials |
| The Cyber Essentials certification includes a self-assessment questionnaire (SAQ) and an external vulnerability scan.
With the following packages: |
|
|
|
Cyber Essentials Plus |
| This scheme includes all of the above but adds an additional internal scan and an on-site assessment of your infrastructure.
The packages include: |
|
|
|
As the internet is constantly evolving and privacy is more important than ever, it is vital that companies who deal with people’s data have the correct policies in place.