Cyber Essentials

Help Guard Yourself against the most common cyber threats

ABOUT CYBER ESSENTIALS

Strengthen Your Businesses Cyber Security

Cyber Essentials is a Government backed scheme that will  help you to protect your business against the most common cyber attacks by auditing your infrastructure using five basic security controls.

Cyber attacks come in many forms, and the vast majority are very basic in nature, carried out by unskilled individuals. Cyber Essentials certifification is designed to prevent these kind of attacks by ensuring the appropriate security measures are in place in your organization.

There are two levels of Cyber Essentials certification, Cyber Essentials and Cyber Essentials Plus. Both certifications help your business to demonstrate its commitment to cyber security

Cyber Essentials vs Cyber Essentials Plus

Certified by completing a self-assessment questionaire (SAQ) which is verified by an external certification body. An affordable way to become certified.

Cyber Essentials is the fastest way for you if you want a base-level security certification, that demonsrates best security practices are in place and your internet facing networks and applications have zero vulnerabilites

Certified by conducting a technical audit of the systems defined in the scope. Includes an in-depth on-site assessment, and internal scan and an external vulnerabilty test.

Cyber Essentials Plus is ideal for businesses who work in highly regualted industries, or wish to tender for larger government contracts, which require you to show a more in-depth audit of the five key controls in place

WHY DO I NEED CYBER ESSENTIALS

How It Will Benefit Your Business

Prevent Cyber Attacks

Correctly using the five basic security controls will protect your business from the most common cyber attacks

Demonstrate your Security

Certification reassures customers and demonstrates your commitment to using the highest security standards

Government Contracts

Cyber Essentials allows you to tender and work with the UK Government, Cyber Essentials Plus allows you to work with the MoD

Win New Business

Being Cyber Essentials certified will boost your reputation and give you an advantage over your competitors for new business

Reduce Insurance Premiums

Cyber Insurers will offer reduced premium's to those businesses that have an active Cyber Essentials certification

A Clear Picture

Cyber Essentials will give you and your customers a clear picture of your organisation's cyber security level

Protect against approximately 80% of Cyber Attacks

KEY CONTROLS

Cyber Essentials Five Key Controls

The UK government’s Cyber Essentials Scheme provides a set of five controls that organisations can implement to achieve a baseline of cyber security, against which they can achieve certification in order to prove their compliance.

  • Secure Configuration
  • Firewalls & Internet Gateways
  • Access Controls
  • Malware Protection
  • Patch Management

Secure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.

Security misconfigurations are one of the most common gaps that criminal hackers look to exploit. According to a recent report by Rapid 7, internal penetration tests encounter a network or service misconfiguration more than 96% of the time.

Both the SANS Institute and the Council on CyberSecurity recommend that, following an inventory of your hardware and software, the most important security control is to implement secure configuration.

Firewalls and gateways provide a basic level of protection where a user connects to the Internet. While antivirus software helps protect the system against unwanted programs, a firewall helps to keep attackers or external threats from gaining access to your system in the first place.

The firewall monitors all network traffic and can identify and block unwanted traffic that could be harmful to your computer, systems and networks. The security provided by the firewall can be adjusted like any other control function (in other words, the firewall ‘rules’).

Protecting user accounts and helping prevent misuse of privileged accounts is essential for any cyber-secure system or network. User accounts, particularly those with special access privileges (e.g. administrative accounts), should be assigned only to authorised individuals, managed effectively, and provide the minimum level of access to applications, computers and networks.

Any organisation whose employees connect to the Internet needs some level of access control in place. Access controls authenticate and authorise individuals to obtain information that they are permitted to see and use. Without appropriate access control there is no data security.

Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware) and including options for virus removal will protect your computer, your privacy and your important documents from attack.

Patch management is about keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks.

Any software is prone to technical vulnerabilities. Once discovered and shared publicly, these can rapidly be exploited by cyber criminals.

Criminal hackers can take advantage of known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.

Good Cyber Security is Good Business

GET CERTIFIED

Achieve Your Cyber Essentials Certification

Cyber Essentials has been designed in consultation with SME’s to be relatively light touch and achievable at low cost.

Achievement of Cyber Essentials with Fulgent is via a three-stage process which provides support throughout.

Stage 1

 Inital Gap Analysis

We provide a full, on-site, initial gap analysis against the Cyber Essentials framework. We work with you through the entire standard, explaining exactly what is required in each area and identifying any gaps in your existing processes, procedures or technologies. The cost includes an external vulnerability scan for up to 25 IP addresses.

At the end of the audit we’ll produce a fully costed Action Plan for achievement of the standard.

Stage 2

Implementation

The majority of changes required are likely to be system administration or minor alterations. If you are a supported customer there would be very little cost to this. In some cases there may be a requirement for additional or replacement hardware and software.

We feel it’s better than you are aware of this at this stage, rather than paying for a certification programme up front that you can’t achieve without additional investment.

Stage 3

Obtain Certificate

With all the actions completed and the company up to scratch we’ll sign off the questionnaire, re-run the external vulnerability scan and obtain the certification for you.

Send Us A Message

Email one of our experts about your enquiry

01386 834000

Our team is always on hand to answer any queries