What is Cyber Essentials?
You may be aware of the threat of cyber attacks and conscious that you need to protect your business, but what is available to the SME market that is practical, cost-effective and going to help safeguard your business? Cyber Essentials is recognised nationwide as a fantastic option for smaller businesses and a big step towards improving protection.
It is a UK government-backed scheme to help businesses better protect themselves against cyber attacks. It provides a clear guide on the controls any business should have in place to mitigate the risk of an online attack.
Launched on the 5th June 2014, it is a certification scheme that is applicable to any sized UK business, and it has been designed to make sure it is viable for the needs of the SME market as well as larger enterprises.
Why do I need to worry about cyber attacks?
Your starting point is to recognise how an attack might impact your business. Think about:
- How could it affect you if your client information was stolen?
- How could it affect you if your website was taken offline?
- What about if you couldn’t access any emails or your core IT systems and applications?
We are guessing that any of these scenarios would severely impact your ability to deliver your service. This is your motivation for checking that your security is up to scratch and proving to stakeholders that you are taking it seriously.
Cyber criminals use tools to look for companies with weaknesses in their IT, whether that is to cause disruption through a digital platform such as your website or to directly access your system and its data. It’s much easier for criminals if you don’t even have the core levels of protection in place.
You need to proactively manage your position to protect your money, data and intellectual property, and this is exactly why the UK Government has backed this scheme and supports the SME market.
IMPORTANT: The Data Protection Act is changing. Can your business afford the potential 4% fines on a data breach, as well as having to notify all your clients and suppliers that their data has been stolen? Most companies could not, and the reputational damage alone would be bigger.
Do I need to have Cyber Essentials?
For any small or medium-sized business, we ask that you do not assume this is just a problem for the big corporate names. PwC reported that 74% of small businesses have been victims of cyber crime. This figure was an increase of 60% on the previous year! Think that is bad? They also report that the average cost of a worst-case security breach to a small business is between £75k – £311k. Unfortunately, the IT industry will tell you that the threat of online attacks remains and is not going away. The tactics being used are actually evolving. The data shared by Cyber Essentials only supports this view:
- One in four businesses reported a cyber breach in the past 12 months
- 33% of small businesses and 65% of large businesses reported a cyber breach or attack in the past 12 months
- Most cyber attacks are relatively basic so getting good basic protection in place can prevent them
Cyber Essentials for the SME Market
For a long time, larger organisations have had other IT security certification options available, such as ISO27001 (information security management). Because ISO27001 was identified as too much for the SME market, the UK developed alternative, appropriate options for smaller businesses.
Designed to protect businesses from the most common Internet threats, this scheme has the backing of key industry players such as the FSB. Mike Cherry, the National Policy Chairman for the FSB, explains, ‘Cyber crime poses a real and growing threat for all businesses and small firms in particular and should not be ignored. Many businesses take steps to protect themselves but the cost of crime can act as a barrier to growth. For example, some businesses refrain from embracing new technology as they fear the repercussions and do not believe they will get adequate protection from crime. In the face of an ever increasing threat of cyber attacks, the FSB supports the Cyber Essentials scheme as an additional and important tool, designed to help reduce the risk to small firms and improve the resilience of the sector.’
Whilst the scheme cannot guarantee full protection from all attacks, it will better protect you from the most common online threats, so it’s a great starting point for any business. Plus, achieving certification is a great business differentiator when tendering for new contracts.
What does Cyber Essentials cover?
There are 5 technical controls that the scheme assesses your business against. These are:
- Boundary firewalls & Internet gateways – to prevent unauthorised access
- Secure configuration – making sure your system is set up securely
- User access control – making sure access to each folder, file and application is given only to those that need it
- Malware protection – making sure you have the right software in place e.g. anti-virus
- Patch management – making sure you are maintaining the software versions as they are released
Achieve Cyber Essentials
As of October 2016, Assign-IT became the first certification body in Hertfordshire. Now approved by IASME to assess, advise, audit and certify on the Cyber Essentials and IASME schemes, we can support other businesses in achieving the certification.
It is up to you which route you take, but Cyber Essentials is a logical option with good results and should be a strong consideration for any business. Make sure IT security is part of your plan for 2017.
If you would like to talk to someone about Cyber Essentials and security options, please do get in touch and call us on 01727 843888 or email us at firstname.lastname@example.org.