Cyber Essentials was developed in conjunction with industry partners such as the Information Security Forum, the Information Assurance for Small and Medium Enterprises Consortium and the British Standards Institution. At a basic level, the goal of certification is to protect the confidentiality, integrity, and availability of corporate data from cyber threats. However, it is essential to note that Cyber Essentials is a fundamental level of due diligence, not a comprehensive cyber security strategy.
What are the benefits of being certified?
When certified, your business will demonstrate its commitment to cyber security, and your suppliers, partners, and customers will feel more confident sharing information with you. If you are bidding on government projects, you must have Cyber Essentials. Some MoD projects and local authorities request a minimum of Cyber Essentials Plus.
What are the five technical controls?
Cyber Essentials tests the following five parts of your IT infrastructure:
Firewall: Use a personal or boundary firewall, built-in or dedicated, to secure your internet connection.
Secure configuration: Choose the most secure settings for your devices and software, and don’t use the “default” configuration settings with everything enabled. These default settings can give cyber attackers a chance to gain unauthorized access to your data.
User Access Control: To minimize the potential damage if an account is misused or stolen, employee accounts should have just enough access to software, settings, online services, and device connectivity functions for them to perform their role. Special privileges should be given only to those who need them.
Malware protection: To protect yourself and your business, you must protect against malware using anti-malware measures.
Patch management: No matter what phone, tablet, laptop, or computer your organization uses, it’s essential to keep it updated. This is true for the operating system and for installed apps or software. This includes policies for end-of-life management when the vendor no longer supports the hardware or software.
What type of Cyber Essentials should be used by fidomoney?
Cyber Essentials is a self-assessment. The certification process is designed to be lightweight and easy to follow. When you choose a certification body, you will be asked to answer the questionnaire provided by the certification body. Fidomoney will evaluate your answers and run an external vulnerability scan of your IP address. If all goes well, you will pass and will be issued a certificate. The Cyber Essentials certification is ideal for small businesses that want to demonstrate that proper core controls are in place.
On the other hand, Cyber Essentials Plus has the same requirements as Cyber Essentials. The main difference is that the security controls must be independently assessed to verify that you have the five technical security controls in place. The assessment involves scanning for vulnerabilities. This identifies unpatched or unsupported software, open ports, incorrect firewall configurations, etc. The information gathered will guide corrective action. This ensures that your company adheres to the five technical controls and demonstrates good data governance practices. Because an outside agency processes your certification, you will be required to submit evidence that you comply with all requirements.
Fidomoney.com can also provide information about vulnerabilities, such as the asset/vulnerability score with the IP360 solution.