PTG is proud to announce that as of the 23rd of May 2018, the Group is now fully Cyber Essentials Plus Certified.
The UK Government is leading the cybersecurity agenda for businesses with a range of schemes and initiatives, and perhaps the most useful for SMEs are the Cyber Essentials Certifications. PTG acknowledges the importance of security for all of its partners and customers and is therefore taking the necessary precautions and commitment around cyber security very seriously.
But what is it?
Cyber Essentials is a simple but effective Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks. Cyber-attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals (the digital equivalent of a thief trying your front door to see if it’s unlocked). Cyber Essentials is designed to prevent these attacks.
Cyber Essentials (Basic) vs. Cyber Essentials (Plus)
Cyber Essentials (Basic) is a self-certification. This means that you’re asked to supply answers to a questionnaire (with evidence) and the application is marked by one of the CE certification bodies through an online portal. However, Cyber Essentials (Plus) involves an external vulnerability scan. This means that one of the CE certification bodies will visit your office and perform a test that is in line with the Cyber Essentials test specification. Every certification body will have the same test process; however, the costs may vary.
So what does it entail?
The scheme provides five fundamental technical security controls that an organisation needs to have in place to defend against the most common form of cyber-attacks emanating from the Internet. These controls are then independently assessed for a Cyber Essentials accreditation:
- Boundary firewalls and internet gateways; these must be designed to prevent unauthorised access to, or from private networks.
- Secure configuration; ensuring that systems are configured in the most secure way for the needs of the organisation.
- Access control; ensuring only those who should have access to systems have access and at the appropriate level.
- Malware protection; ensuring that virus and malware protection is installed and is up to date.
- Patch management; ensuring the latest supported version of an application is used and all the necessary patches supplied by the vendor have been applied.
Why is it important?
Whilst no security strategy can stop 100% of attacks, the aim is to mitigate the risk as much as possible. The majority of attacks exploit basic weaknesses in IT systems and software, and in reality, these can be quite straightforward to defend against, ensuring your organisation has the appropriate systems in place. The Cyber Essentials scheme aims to provide businesses with a strong base from which to reduce the risk from these prevalent, but unskilled, cyber-attacks.
What are the benefits?
When implemented correctly, the security controls outlined should prevent 80% of cyber-attacks. The primary aim of the scheme is to encourage organisations to adopt best practices in their security strategy, in turn making the UK a safer place to do business. The Cyber Essentials schemes bring a number of benefits to companies, such as:
- It protects against common threats.
- It shows your commitment to security; demonstrating to your business partners, regulators and suppliers that you take cyber security seriously.
- It is a mandatory requirement for government suppliers and for all public service contracts.
- It enables you to safeguard commercially sensitive data.
- It protects your company’s profits and reputation by avoiding the financial implications of any negative publicity associated with a cyber attack.
- It gives you a competitive advantage, particularly in comparison to rivals without accreditation.
For more information on how to implement Cyber Essentials Plus in your business, join the Groups new workshop series ‘Penetration Testing and Cyber Essentials workshop’ on the 17th of August, or call one of the PTG Security Specialists on 0113 387 1070 for more information.