Since the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 came into effect, all organisations that process personal data must implement appropriate technical and organisational measures to ensure its security or risk administrative fines of up to €20 million or 4% of annual global turnover – whichever is greater.
Cyber Essentials and Cyber Essentials Plus are UK government assurance schemes, based on the 10 Steps to Cyber Security and administered by the NCSC (National Cyber Security Centre). Cyber Essentials and Cyber Essentials Plus are industry-supported schemes to help organisations protect themselves against common online threats. They are suitable for all organisations, of any size, in any sector.
Cyber Essentials has two main functions:
- To set out the five basic cyber security controls that organisations should implement to protect themselves from “around 80% of common cyber attacks”
- To provide a simple and affordable mechanism – through the Assurance Framework’s two levels of independent certification, Cyber Essentials and Cyber Essentials Plus – for organisations to demonstrate that they have implemented essential cyber security measures.
According to the UK Government, 80% of cyber attacks could be prevented if organisations put simple cyber security controls in place. The Cyber Essentials scheme identifies some fundamental security controls that organisations should have in place to secure themselves against common cyber threats.
Obtaining the certification will:
- Protect your organisation against common cyber threats
- Show your customers you take cyber security seriously
- Enable you to bid for Government contracts
- Ensure that your staff understand how to combat online threats
Cyber Essentials PLUS has exactly the same requirements as Cyber Essentials; however, the critical difference is that Cyber Essentials PLUS requires an independent assessment of your security controls, to verify that you do indeed have the 5 technical security controls in place.
The Cyber Essentials assessment involves a vulnerability scan, which will identify unpatched or unsupported software, open ports, incorrect firewall configuration, etc.