09 Dec 2022

Cyber Essentials Certification: Small Business Guide

What is the Cyber Essentials scheme?

Due to the increased number of cyber-attacks, and their negative impact on small businesses, the UK Government’s Department for Business, Innovation and Skills introduced the government-endorsed Cyber Essentials scheme. Cyber Essentials was developed in 2014 in collaboration with the Information Security Forum, the Information Assurance for Small and Medium Enterprises Consortium, and the British Standards Institution. Due to the significant rise in these attacks in the last few years, especially for small businesses, security is now more vital than ever.

The scheme was introduced to protect data by providing a security framework, ensuring companies follow a basic level of due diligence on how data is accessed and secured to avoid it being compromised. It covers a set of five basic controls which have been designed to ensure businesses keep their data secure:

  • Access control
  • Secure configuration
  • Patch management
  • Malware protection
  • Internet gateways and boundary firewalls

What are the benefits of the Cyber Essentials certification?

The benefits that certification brings include improved protection against 80% of the most common cyber-attacks. Some of the additional advantages include:

Trust and confidence: companies that have the Cyber Essentials trust badge are showing their compliance and dedication to cyber security. This aims to build trust and confidence amongst customers, suppliers, investors, and other partners.

Secure partnerships: it is also a useful standard for companies to check for when working with potential partners when data is involved. For small businesses that are looking to tender for public sector projects, Cyber Essentials certification is normally a prerequisite.

Free insurance: businesses that comply may be eligible for free cyber insurance cover up to £25,000, and it may also reduce other business insurance costs.

See our dedicated blog article: https://www.fos.net/news_details/Cyber-Insurance-A-Guide-For-Small-Business-

What are the latest updates to the Cyber Essentials scheme?

In early 2022, several updates were applied to the Cyber Essentials scheme to bring it into line with the changes in cyber security protocols and keep pace with the changing world of work.

As more businesses turn to cloud computing and many workforces now work remotely (at least some of the time), the scheme was updated to reflect these changes with the following initiatives.

Home working devices

One of the biggest changes to working environments is the speed at which many businesses have transitioned to remote or hybrid working, accelerated by the Covid-19 pandemic. To maintain compliance, all devices (including laptops, tablets, and smartphones) that are used for home-based working must be secured via the necessary firewall guidelines and other security measures.

Multi-factor authentication

To comply with the Cyber Essentials accreditation, businesses must now implement multi-factor authentication (MFA), which provides an additional layer of protection beyond passwords and reduces the chances of an unknown or unwanted user accessing a network.

Endpoint devices

Under the initial scheme, businesses only needed to have their server systems certified as part of the assessment. However, the 2022 update means that it's now compulsory for all endpoint devices to be secured as well, to prevent vulnerabilities across the network.

Software updates

The latest Cyber Essentials update recommends that newly released and high or critical-risk software updates are applied within 14 days of release. Automatic updates should also be enabled for critical software, with the software on devices no longer in use being uninstalled. Finally, all software must be fully licensed and purchased directly from the developer.

Account separation

Staff are encouraged to have separate accounts for work and social use to reduce the risk of the business’s network being compromised. This means that non-work activities such as browsing social media or surfing the web should be done using a separate account from the one used for work.

See our dedicated blog article that covers these changes in detail: https://www.fos.net/news_details/Changes-to-Cyber-Essentials-Certification-What-You-Need-to-Know-

How can you become Cyber Essentials certified?

Cyber Essentials is a self-assessment scheme that can be completed remotely. However, to achieve and maintain full compliance, we recommend that you work with your IT support company, who will be able to guide you carefully and effectively through the process.

As mentioned above, some organisations will require Cyber Essentials accreditation for you to transact business with them.

FOS.net IT is Cyber Essentials certified, and we have worked with several of our customers to help them achieve Cyber Essentials accreditation. We will take care of the entire process for you including all the remediation tasks required. If you want to find out more about the scheme, contact us today.