Gaining Cyber Essentials (Plus)Posted By: Helen Thursday 26th August 2021Tags: cyber essentials, cyber essentials plus, Cyber Security
At LaneSystems we are specialists in Cyber Essentials and today we’re sharing how we’ll work closely with you to achieve the right certification.
Let’s break this down and start with the basics.
Cyber Security Definition
We’re confident that if you’re reading this article you have a sound grasp on what is meant by ‘Cyber Security’. To confirm, cyber security owns masses of responsibility in the protection of devices we use on a daily basis. This includes PCs, laptops, smartphones and tablets. Ensuring high levels of cyber security means your devices are safe from theft, damage and unauthorised access to personal data.
So, you’ve protected every device under your care. What next?
Delving into Cyber Essentials
Cyber Essentials is an industry recognised, government backed scheme/certification awarded to companies diligently following the core principles outlined. Companies invested in the scheme will remain protected against the most common threats.
How can you achieve certification?
You will be audited based upon current levels of security. From here a specific strategy will commence highlighting system weaknesses whilst ensuring coverage of best practice implementation and configuration.
This all sounds rather complex…;
Don’t worry, at LaneSystems we work with you to identify weak points before arming you with exactly what’s required to gain certification. Our straightforward approach is transparent, free of jargon where possible and fully defends your company data.
Benefits of Cyber Essentials
As mentioned previously, once furnished with cyber essentials you’re protecting every device under your watch from the most common threats around and more. Did you know that certain companies will only work with those who are already fully accredited?
Tick this one off the list and all of a sudden, more doors open. Equipping your company with cyber essentials indicates to both customers and businesses how committed you are to data security and the measures to keep it this way.
Who decides if we pass successfully?
Certification is self-assessed, approved by an owner or board level representative and finally, independently verified (this is where we come in). Working by your side throughout, it’s our job to make sure every security angle is covered.
The assessment itself covers five key areas as follows:
Firewalls: It’s intrinsic to ensure your firewall only allows those with the right access gain entry to systems. Get this right and you’re already managing to keep external threats at bay.
Secure Configuration: It’s critical PCs and network devices are configured in such a way they provide only required services. This in turn, reduces vulnerabilities.
User Access Control: System access should only be provided to those who need it and is required to be regularly reviewed.
Malware Protection: It’s necessary to guard data against any malicious software. Best case sees damaged data, loss of access or even a request for ransom. Worst case equals potential lawsuits, data protection breaches and even company liquidation. Malware protection keeps data safe whilst virus removal software should be available to do its job as and when needed.
Patch Management: Cyber criminals have a knack for finding system vulnerabilities and without proper patch management you could fall victim to loss of data. Identify, patch and update to avoid unnecessary problems.
Once all of the above is in place and you’ve been through assessment followed by verification, not only are you secure, your company has become more desirable, particularly to local authorities and the government.
You can go further;
Cyber Essentials Plus
This next step is the most advanced certification of Cyber Essentials and LaneSystems will guide you through the next steps.
Why would I need Cyber Essentials Plus?
Think about your company for a minute. Do you have employees working remotely, even if it’s just a couple of days a week? Do any third parties currently access your IT systems? If you answer yes to either or both of these, it’s time to crack on with the plus version.
What will I need to achieve?
You’ll complete the same assessment as with the basic accreditation before moving on to an additional internal scan and onsite assessment. Your assessor’s job is to test a random sample of your company systems, devices and servers to determine security levels. During the analysis, the following steps are adhered to:
- Execution of an Internal Vulnerability Assessment
- Completion of an External Vulnerability Assessment
- User Access Controls Test
- Browser Download Test
- Email Test
Arm yourself fully with the best Cyber Essentials Certification that meets you and your clients needs to become more secure and desirable for specific contracts.