Demonstrate your commitment to cybersecurity

As cyberattacks become more frequent and sophisticated, businesses are seeking Cyber Essentials Plus certification to prove their commitment to cybersecurity. According to Matt Rhodes, Commercial Services Manager at Quiss Technology, simply claiming proficiency in dealing with potential attacks is no longer acceptable, as clients are adopting stricter vetting processes when it comes to selecting a supplier.

Gallery

There are currently two different certifications available to businesses – the standard Cyber Essentials and the Cyber Essentials Plus. Cyber Essentials represents the most basic level of cybersecurity, and requires organisations to complete a short questionnaire regarding their current security controls. Cyber Essentials Plus, however, requires an organisation to undergo a more thorough assessment, based on internal security assessments of end-user devices.

Using a range of specialist tools and techniques, the Cyber Essentials Plus assessment directly tests that individual controls have been implemented correctly, and recreates various attack scenarios to determine effectiveness.

The Cyber Essentials Plus certification requires your organisation to have:

  • Boundary firewalls – these devices are designed to prevent unauthorised access to or from private networks but require good setup to achieve maximum effectiveness
  • Secure configuration – ensuring systems are configured securely to suit the requirements of an organisation
  • Access control – only allowing those with authority to have access to systems
  • Malware protection – ensuring the most up-to-date virus and malware protection had been installed
  • Patch management – ensuring the latest supported version of applications is used and all the necessary patches have been applied.

Only once a company successfully passes these tests can they be awarded the badge, which can be displayed on their website.

Staying vigilant

For serious businesses committed to achieving strong cybersecurity, Cyber Essentials Plus is the only option worth considering.

The Cyber Essentials Plus scheme provides a well-defined standard that is suitable for organisations across all sectors, including charities, schools, universities and local authorities.

While the basic Cyber Essentials certification is a good and necessary starting point for businesses, the extra checks involved with Cyber Essentials Plus make it the best option.

Achieving compliance

If your company is serious about achieving Cyber Essential Plus status, the first step is to visit the www.cyberaware.gov.uk website and select one of the official accreditation bodies listed. Once you have received Cyber Essentials certification, you will need to start the compliance process by introducing the appropriate controls to your system. When looking for support to help you achieve Cyber Essentials Plus, it is important you contact an IT specialist with plenty of experience in helping clients achieve compliance.

Finally, the security and business advantages of becoming Cyber Essentials Plus compliant is undeniable, but achieving certification should only be the start of your company’s efforts to achieving optimum protection. More sophisticated assessments are available to companies looking to push their security further than the Cyber Essentials scheme, including penetration testing and simulated targeted attack and response, which assesses specialist business functions with a market or country influence.

Share this article

Tagged under:
Login to post comments

About us

Future Constructor & Architect is a specification platform for architects and building contractors, which focuses on top-end domestic and commercial developments.

As well as timely industry comment and legislation updates, the magazine covers recent projects and reviews the latest sustainable building products on the market. Subscribe here.

Privacy policy

Latest updates

e-newsletter

Sign up below to receive monthly construction, architecture and product updates from FC&A via email: