The Cyber Essentials scheme was developed by GCHQ. They suggest that it can reduce a business's risk from internet-based threats by 70-80%.
Matt Hancock, Minister for Digital and Culture, announced in March this year (2017) that:
“We’ll be strengthening this requirement to ensure even more of our contractors take up the scheme.”
For more information, you might like to read this article on how the Government is driving take-up of the scheme.
How does it work?
70-80% reduction in risk is a bold claim, and in fairness, if you've made any attempt to improve your security, that figure is probably generous. That said, many businesses have ignored the simple things that can be done, such as:
- Blocking inbound connections unless you know you need them.
- Changing default usernames and passwords.
- Installing good business-grade anti-malware software.
Simple and fairly non-technical changes can make a big difference to your security.
To complete Cyber Essentials, you fill out a self-declaration form, which is freely available online from the Cyber Essentials certifying bodies. The form covers a set of “technical controls” (that's just “things that you should do”) to help improve your security. These range from trivial to quite involved, and the amount of work required will depend on:
- The size of your business.
- The amount of work you’ve already done to improve security.
- Your technical "competence".
Once completed, you are not obliged to actually apply for the certificate (which carries a nominal fee). The certificate’s a nice-to-have, but not a requirement - unless you need to prove compliance with the scheme to apply for a tender!
Need some help?
If you'd like help with your ISO27001 project, please give us a call on: 01530 637 833
We look forward to speaking with you soon!