August 1st 2023
CYBER ESSENTIALS: TOP 8 FAQs FOR BUSINESSES
In a recent report, it was found that approximately 2.39 million cases of cyber crime occurred in the last 12 months. Those who were victims included medium businesses, large businesses and high-income charities. Cyber criminals will attack any business if there is an area of weakness in their IT security. To minimise this risk, businesses seek Cyber Essentials, a national standard for strong cyber security.
Below, we dive into the most frequently asked questions about Cyber Essentials so you can discover all you need to know.
1. What Is Cyber Essentials?
Cyber Essentials is a foundation-level certification that gives businesses a basic level of protection against common cyber threats. Originally developed by the National Cyber Security Centre (NCSC), Cyber Essentials works as an excellent standard for those wanting to strengthen their IT security.
As part of the process, businesses must complete an online self-assessment questionnaire. This covers five technical control, including firewalls, secure configuration, user access control, malware protection and patch management. A board member will sign off the answers provided, and then a qualified Cyber Advisor from Lily will review the final form.
2. What Is Cyber Essentials Plus?
Cyber Essentials Plus is an advanced certification that shows businesses have exceeded the minimum requirements needed in the Cyber Essentials scheme. This certification includes the same self-assessment questionnaire but requires Lily to conduct a rigorous on-site audit of your IT systems.
Cyber Essentials Plus goes beyond the basic levels of technical controls. Our Cyber Advisors will reassure all stakeholders that their self-assessment is accurate and ready for review.
3. Is Cyber Essentials Mandatory?
Cyber Essentials is only mandatory for businesses wanting to bid on government contracts. For those outside of this, Cyber Essentials is an optional standard to demonstrate your IT systems meet cyber security best practices.
4. Why Should You Get a Cyber Essentials Certificate?
The Cyber Essentials scheme firstly protects you from common cyber threats, such as phishing or malware, and potential financial losses for your business. Having a certificate highlights that you take cyber security seriously and allows you to apply for government bids should you want to scale your business.
5. How Long Does it Take to Get Cyber Essentials Certified?
Getting Cyber Essentials certified depends on the complexity of your current IT system and the amount of security controls you need to put in place. You must ensure relevant stakeholders are available to assist with completing the questionnaire and any following changes if further work is needed. Once your self-assessment passes, you will receive a certification within one working day.
6. How Long Does a Cyber Essentials Certification Last?
A Cyber Essentials and Cyber Essentials Plus certification has a 12-month expiry date. Once it expires, your business must renew it.
7. What Is the Difference Between ISO 27001 and Cyber Essentials?
ISO 27001 demonstrates you are meeting best practices for protecting all types of information. This includes IT systems and paper-based documents. The Cyber Essentials scheme covers security for data and programs on servers, networks and other areas of your IT infrastructure.
8. How Do I Prepare?
The NCSC has released a helpful Cyber Essentials Readiness Tool, which provides personalised advice in preparation for certification. This tool asks multiple questions relevant to the criteria of the self-assessment questionnaire.
Looking to get certified in Cyber Essentials or Cyber Essentials Plus? Lily Comms is a trusted Cyber Advisor who can help secure your organisation from cyber crime. Contact the Lily team or call us on 0343 507 1111.