Cyber Essentials

Working in partnership with Scottish Government, the National Cyber Security Centre (NCSC) and other industry partners, SBRC has been promoting Cyber Essentials to organisations in Scotland as the baseline standard for cyber security.

Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts, that will help protect your organisation against a range of the most common internet borne cyber-attacks. Cyber-attacks come in many shapes and sizes, but the vast majority are very basic in nature and can be prevented.

The scheme has been carefully designed to guide organisations of any size in protecting themselves against cyber threats which include malware, ransomware and phishing, through the use of five technical controls and implementing basic cyber hygiene.

It offers two levels of certification: Cyber Essentials (basic) and Cyber Essentials Plus, which provides a greater level of assurance following additional verification of your cyber security by independent professionals.

Is Cyber Essentials for you?

As our reliance on the internet has increased, so too has the threat of cyber and internet enabled crimes.

All businesses and organisations are a potential target of an attack, particularly if they do not take some simple precautionary measures to protect themselves. Any company with an IT network that relies on the internet could be at risk of attack, and computerised systems for payroll, marketing (via social media or a website), bookings and customer databases, including payment details or other sensitive information, could be compromised. Of course, this does not just affect business. Cyber-attacks are a real risk to the third sector as well, from the small, locally run playgroup that holds a database of children’s names and addresses to larger charities delivering services to vulnerable adults.

The majority of cyber-attacks exploit basic weaknesses in IT systems and software. Most organisations would struggle to operate effectively if they lost access to their data or were not able to send or receive e-mails. By focussing on basic cyber hygiene, Cyber Essentials control measures show how to address those basic weaknesses and prevent the most common internet borne attacks.

Businesses of all types and sizes already use Cyber Essentials to help protect their IT networks from attack. So no matter what your organisation does, Cyber Essentials can help keep the devices and data you rely on safe.

 

Cyber Essentials

Cyber Essentials (basic) is an independently verified self-assessment option which helps protect your organisation from the most common cyber-attacks.  Upon submission of a completed assessment questionnaire, an independent review will be carried out to verify your responses against the Cyber Essentials baseline standards and if successful, you will be awarded a certificate and badge that you can display on your company website.

 

Cyber Essentials Plus

For those who want to take cyber security further, Cyber Essentials Plus offers the same simplicity of approach as Cyber Essentials (basic) but also involves physical tests of your network and computers by independent professionals. Successful accreditation against Cyber Essentials Plus provides a higher level of assurance that your organisation has a strong cyber security regime with correctly implemented controls, thereby maintaining a robust defence against internet-based attacks. On completion you will be awarded an enhanced certificate and badge that you can display.

 

How does Cyber Essentials work?


Cyber Essentials sets out five technical controls which can be implemented immediately to strengthen your cyber defences against internet-based attacks.

1. Use a firewall to secure your internet connection

2. Choose the most secure settings for your devices and software

3. Control who has access to your data and services

4. Protect yourself from viruses and other malware

5. Keep your devices and software up to date

For more information and NCSC advice on the Cyber Essentials technical controls please visit the NCSC website

 

Getting Certified

There are three simple steps to certification.

1. Select a Certification Body

2. Verify that your IT is suitably secure and meets the Cyber Essentials standards – your Certifying Body or IT Professional can help with this

3. Complete the assessment questionnaire – your Certification Body will verify your answers. Once you have passed you will be awarded the Cyber Essentials/Cyber Essentials Plus certificate as appropriate.

 

Case Studies

Click here to view some case studies from businesses who have benefited from Cyber Essentials.

 

More Information

More information and advice on Cyber Essentials can be found on the National Cyber Security Centre website. Alternatively, contact the CiSP and Cyber Essentials Coordinator, Graham Bye.

Graham is an independent consultant who is working with the SBRC to promote CiSP and Cyber Essentials to organisations across all sectors in Scotland. 

 

Cyber Essentials Voucher Scheme – Funding Available

Scottish Government has made £500,000 available under the National Cyber Security Programme for a voucher scheme to support small and medium-sized private and third sector organisations in Scotland to achieve the National Cyber Security Centre (NCSC)-endorsed Cyber Essentials or Cyber Essentials Plus certificate.

The scheme, managed by Scottish Enterprise and the Scottish Council for Voluntary Organisations (SCVO) respectively, will mean that Scotland-based SMEs and voluntary organisations can apply for vouchers up to £1000 to achieve Cyber Essentials certification.

Interested organisations can apply for the voucher system online via the Scottish Enterprise Website.

Interested charitable organisations can apply for the voucher system online via the SCVO Website.

SBRC Trusted Partners Initiative


The Scottish Business Resilience Centre (SBRC) has worked with Cyber Essentials Certifying Bodies based and operating in Scotland to support organisations, both small and large, to focus on cyber hygiene and achieve Cyber Essentials or Cyber Essentials Plus, the Government backed baseline standard accreditation in cyber security. This ‘Trusted Partners’ initiative, endorsed by our partners in Police Scotland, has developed into a network of independent companies focussed on promoting continuous improvement in cyber resilience across all sectors in Scotland and supports the Scottish Government’s Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland.

These Certifying Bodies have been nationally accredited by one of the five UK Accreditation Bodies, selected by the National Cyber Security Centre (NCSC) to oversee Cyber Essentials. The Accrediting Bodies are:

  • APMG International
  • CREST
  • IASME
  • IRM (Information Risk Management) 
  • QG Management Standards 

Certifying Bodies based and operating in Scotland are listed below.

The first port of call is to select a Certifying Body that will perform the evaluation and award your Cyber Essentials Certificate. SBRC currently signposts this group to organisations in Scotland seeking to achieve Cyber Essentials or Cyber Essentials Plus on the clear understanding that it does not endorse one supplier over another. It is for organisations to identify the supplier that they wish to work with.


In addition, there is a wide range of other Cyber Essentials Certifying Bodies located throughout the rest of the UK and details of these companies can be found on the NCSC website.

  

So what’s this all about?

Building on the success of our ‘Trusted Partners’ initiative listing companies who have been accredited nationally as ‘certifying bodies’ for Cyber Essentials we thought it would be useful to extend this further and introduce you to ‘Approved Practitioners’.

‘Approved Practitioners’ is the list of independent IT companies and consultants, known as ACE (Accredited Cyber Essentials) Practitioners, working in Scotland who are trained in relevant disciplines and have been externally assessed and accredited to deliver advice, guidance and consultancy in Cyber Essentials.

What does this mean?

Very simply it means they can help organisations and businesses implement the requirements of the Cyber Essentials standard but are not certifying bodies. Once organisations have attained that level of preparedness and readiness they can then be independently assessed and certified as Cyber Essentials compliant.

Over the next few months we will be building awareness of this group along with our existing ‘Trusted Partners’ and featuring these companies as a group which we are pleased to promote to help businesses in Scotland. This scheme carries the endorsement of our core partners in Police Scotland.

So for now, here is a list of cyber security Approved Practitioners and the links to their websites:

 
