Working in partnership with Scottish Government, the National Cyber Security Centre (NCSC) and other industry partners, SBRC has been promoting Cyber Essentials to organisations in Scotland as the baseline standard for cyber security.
Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts, that will help protect your organisation against a range of the most common internet borne cyber-attacks. Cyber-attacks come in many shapes and sizes, but the vast majority are very basic in nature and can be prevented.
The scheme has been carefully designed to guide organisations of any size in protecting themselves against cyber threats which include malware, ransomware and phishing, through the use of five technical controls and implementing basic cyber hygiene.
It offers two levels of certification, Cyber Essentials (basic) and Cyber Essentials Plus which provides a greater level of assurance following additional verification of your cyber security by independent professionals.
Is Cyber Essentials For You?
As our reliance on the internet has increased, so too has the threat of cyber and internet enabled crimes.
All businesses and organisations are a potential target of an attack, particularly if they do not take some simple precautionary measures to protect themselves. Any company with an IT network that relies on the internet could be at risk of attack and computerised systems for payroll, marketing (via social media or a website), booking systems, customer databases including payment details or other sensitive information could be compromised. Of course, this does not just affect business. Cyber-attacks are a real risk to the third sector aswell, from the small, locally run playgroup that holds a database of children’s names and addresses to larger charities delivering services to vulnerable adults.
The majority of cyber-attacks exploit basic weaknesses in IT systems and software. Most organisations would struggle to operate effectively if they lost access to their data or were not able to send or receive e-mails. By focussing on basic cyber hygiene, Cyber Essentials control measures show how to address those basic weaknesses and prevent the most common internet borne attacks.
Businesses of all types and sizes already use Cyber Essentials to help protect their IT networks from attack. So no matter what your organisation does, Cyber Essentials can help keep the devices and data you rely on safe.
Cyber Essentials (basic) is an independently verified self-assessment option which helps protect your organisation from the most common cyber-attacks. Upon submission of a completed assessment questionnaire, an independent review will be carried out to verify your responses against the Cyber Essentials baseline standards and if successful, you will be awarded a certificate and badge that you can display on your company website.
For those who want to take cyber security further, Cyber Essentials Plus offers the same simplicity of approach as Cyber Essentials (basic) but also involves physical tests of your network and computers by independent professionals. Successful accreditation against Cyber Essential Plus provides a higher level of assurance that your organisation has a strong cyber security regime with correctly implemented controls thereby maintaining a robust defence against internet-based attacks. On completion you will be awarded an enhanced certificate and badge that you can display.
How Does Cyber Essentials Work?
Cyber Essentials sets out five technical controls which can be implemented immediately to strengthen your cyber defences against internet-based attacks.
- Use a firewall to secure your internet connection
- Choose the most secure settings for your devices and software
- Control who has access to your data and services
- Protect yourself from viruses and other malware
- Keep your devices and software up to date
For more information and NCSC advice on the Cyber Essentials technical controls please visit the NCSC website.
There are three simple steps to certification.
- Select a Certification Body
- Verify that your IT is suitably secure and meets the Cyber Essentials standards – your Certifying Body or IT Professional can help with this
- Complete the assessment questionnaire – your Certification Body will verify your answers. Once you have passed you will be awarded the Cyber Essentials/Cyber Essentials Plus certificate as appropriate.