Help Guard Yourself against the most common cyber threats
ABOUT CYBER ESSENTIALS
Strengthen Your Businesses Cyber Security
Cyber Essentials is a Government backed scheme that will help you to protect your business against the most common cyber attacks by auditing your infrastructure using five basic security controls.
Cyber attacks come in many forms, and the vast majority are very basic in nature, carried out by unskilled individuals. Cyber Essentials certifification is designed to prevent these kind of attacks by ensuring the appropriate security measures are in place in your organization.
There are two levels of Cyber Essentials certification, Cyber Essentials and Cyber Essentials Plus. Both certifications help your business to demonstrate its commitment to cyber security
Cyber Essentials vs Cyber Essentials Plus
Certified by completing a self-assessment questionaire (SAQ) which is verified by an external certification body. An affordable way to become certified.
Cyber Essentials is the fastest way for you if you want a base-level security certification, that demonsrates best security practices are in place and your internet facing networks and applications have zero vulnerabilites
Certified by conducting a technical audit of the systems defined in the scope. Includes an in-depth on-site assessment, and internal scan and an external vulnerabilty test.
Cyber Essentials Plus is ideal for businesses who work in highly regualted industries, or wish to tender for larger government contracts, which require you to show a more in-depth audit of the five key controls in place
WHY DO I NEED CYBER ESSENTIALS
How It Will Benefit Your Business
Protect against approximately 80% of Cyber Attacks
Cyber Essentials Five Key Controls
The UK government’s Cyber Essentials Scheme provides a set of five controls that organisations can implement to achieve a baseline of cyber security, against which they can achieve certification in order to prove their compliance.
Secure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.
Security misconfigurations are one of the most common gaps that criminal hackers look to exploit. According to a recent report by Rapid 7, internal penetration tests encounter a network or service misconfiguration more than 96% of the time.
Both the SANS Institute and the Council on CyberSecurity recommend that, following an inventory of your hardware and software, the most important security control is to implement secure configuration.
Firewalls and gateways provide a basic level of protection where a user connects to the Internet. While antivirus software helps protect the system against unwanted programs, a firewall helps to keep attackers or external threats from gaining access to your system in the first place.
The firewall monitors all network traffic and can identify and block unwanted traffic that could be harmful to your computer, systems and networks. The security provided by the firewall can be adjusted like any other control function (in other words, the firewall ‘rules’).
Protecting user accounts and helping prevent misuse of privileged accounts is essential for any cyber-secure system or network. User accounts, particularly those with special access privileges (e.g. administrative accounts), should be assigned only to authorised individuals, managed effectively, and provide the minimum level of access to applications, computers and networks.
Any organisation whose employees connect to the Internet needs some level of access control in place. Access controls authenticate and authorise individuals to obtain information that they are permitted to see and use. Without appropriate access control there is no data security.
Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware) and including options for virus removal will protect your computer, your privacy and your important documents from attack.
Patch management is about keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks.
Any software is prone to technical vulnerabilities. Once discovered and shared publicly, these can rapidly be exploited by cyber criminals.
Criminal hackers can take advantage of known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.
Good Cyber Security is Good Business
Achieve Your Cyber Essentials Certification
Cyber Essentials has been designed in consultation with SME’s to be relatively light touch and achievable at low cost.
Achievement of Cyber Essentials with Fulgent is via a three-stage process which provides support throughout.
Inital Gap Analysis
We provide a full, on-site, initial gap analysis against the Cyber Essentials framework. We work with you through the entire standard, explaining exactly what is required in each area and identifying any gaps in your existing processes, procedures or technologies. The cost includes an external vulnerability scan for up to 25 IP addresses.
At the end of the audit we’ll produce a fully costed Action Plan for achievement of the standard.
The majority of changes required are likely to be system administration or minor alterations. If you are a supported customer there would be very little cost to this. In some cases there may be a requirement for additional or replacement hardware and software.
We feel it’s better than you are aware of this at this stage, rather than paying for a certification programme up front that you can’t achieve without additional investment.
With all the actions completed and the company up to scratch we’ll sign off the questionnaire, re-run the external vulnerability scan and obtain the certification for you.