What is Cyber Essentials and why do I need it?

How do you know you are secure enough?  It’s a tough judgement, even for seasoned professionals, and there are often several variables.  However, behind all of this complexity, there are some basics you should just do, like your car having an MOT.  Several of these basics are locked into an accreditation called Cyber Essentials.

 

The truth is that, while cyber-attacks come in many shapes and sizes, the vast majority are very basic in nature. Complying with the requirements of Cyber Essentials helps protect you against these attacks.

 

There are two levels of certification:

Cyber Essentials self-assessment.  Don’t be fooled into thinking that self-assessment has little value.  In this case, you complete the questions and a qualified, skilled accreditor will determine whether you meet the standard.  We’ve been through it, and it’s not hard, but certainly not as easy as you might think, and there will be things that make you do things differently.  At the end of this, you get an externally validated certification that claims to mean you are protected against 80% of the most common threats.  They are so confident, they offer insurance along with the certification at no extra charge.  The cost of certification itself is low, and from our perspective, there’s little excuse for not getting Cyber Essentials.  It’s a small price to pay for a little peace of mind.

Cyber Essentials Plus.  Like Cyber Essentials, but a skilled person audits to verify the right measures are in place.  It costs more than the self-assessment, but offers much more assurance.

Why bother?

It’s tough to know how much security is enough.  The Cyber Essentials suite gives an external benchmark for the minimum security you need, and is relatively inexpensive (hundreds and not thousands, usually).  If you want your stakeholders to believe you take security seriously, then perhaps external accreditation like this is a useful tool. If you work in certain industries, this is a basic requirement.  If you must comply with a regulation like GDPR, NIS2 or similar, this will also support you.

How do I do it?

The questions and standards are free, and there are self-assessment tools available to help you get ready.  Once you’re ready to go, please get in touch and we can guide you through the process.

Is this all I need to do?

In our view, no.  There’s always more to do, and there are other accreditations for SMEs that can broaden and deepen an approach to security.  However, Cyber Essentials is the ideal starting point.

 

If you want to talk to our experts about the path you should take to layer accreditations through your organisation, please contact us here.
