Cyber Essentials is a government scheme that helps small businesses improve their online security. It was launched in 2014 and is administered by the National Cyber Security Centre (NCSC). It provides security guidelines that can help you prevent cyber-attacks.
Cyber-attacks are increasing every year, and the damage they cause to businesses runs into billions. According to a report, almost 70% of the total cyber-attacks last year were on small enterprises. This is understandable, as small enterprises do not care too much about online security and some can't afford it. For these reasons, the government of the UK developed the Cyber Essentials scheme to give small organisations an affordable security standard that they can follow.
To get the Cyber Essentials certificate, you have to implement five security controls:
- Set up firewalls
A firewall is the first level of security. It monitors all traffic, inspects every packet and prevents unauthorised users from accessing the network. You can install a network-based firewall or a host-based (personal) firewall. A network-based firewall is more secure than a personal firewall.
- Secure your devices
You need to configure your devices in a way that makes them more secure. Use a strong password and change the default settings.
- Control user access
Configure users' roles and permissions. Define what privileges users have and what they are not allowed to do. Also, make sure that every employee uses strong passwords that contain symbols, numbers, and lower- and upper-case letters. Passwords shouldn't contain any personal information.
- Protect your devices from malware
Malware is a malicious program that is harmful to your computer. It could be a virus, a worm, or a Trojan horse. Anti-malware software must be installed on every device and kept up to date. Install the latest, premium version of the software and install updates as soon as they are available.
- Keep your software and devices up to date
Hackers always try to find a loophole in the code of a program through which they can attack. To prevent this, software companies continually release patches to fix bugs and errors. You need to install these patches immediately after they are released. Updating your software can prevent many security problems.
After you have implemented all these technical controls, you need to apply for the certification. You will be given a questionnaire which you have to answer. A certification body will verify your answers, and if your answers meet the standards, you will receive the certificate.
Which businesses need Cyber Essentials?
Cyber Essentials is beneficial for all types of businesses. Every business handles data, and there is always a need to protect that data. Some small business owners think that they don't need online security because no one is going to attack a small business. This makes them more vulnerable, as there are no proper security measures in place. With this scheme, small businesses can improve their security more simply and affordably.
This scheme can really help you if you want to do business with the government. The government of the UK has announced that every government supplier needs to have a Cyber Essentials certificate, as they handle sensitive data. So if you want to win a government tender, you must be Cyber Essentials certified.
It is the right scheme for you if you handle public information. The first thing customers will ask you is how secure your system is. By getting the certificate, you can show your customers that you are serious about securing their data and have taken steady steps towards it.