Cyber Essentials Certification was launched by the British Government in 2014 to protect organisations against cyberattacks. A Canadian version followed four years later.
It didn’t really hit the headlines in the way that data security schemes like the GDPR did, presumably because it’s not a legal requirement.
So if it’s not compulsory, why bother? Is tinkering about with firewall settings, antivirus programs and security updates really worth the bother? Just how essential is Cyber Essentials?
Well, while it’s not obligatory to have the certification right now, that doesn’t mean this will always be the case.
We think it’s crucial – and that’s why our latest CertiKit Toolkit helps businesses in the UK and Canada apply for certification. We wouldn’t be at all surprised if more countries follow suit soon.
1. Peace of mind: If you fail to protect your computer systems, you’re at more risk of a cyber attack. A nasty virus could result in your organisation losing vital data, disrupting cashflow and taking up staff time. An attack could also damage your reputation, prevent you from trading and land you in hot water legally. For example, loss of personal data could breach laws such as the GDPR, the Data Protection Act or PIPEDA (in Canada) and lead to prosecution.
2. Government contracts: Since October 2014, four months after the launch of the UK version of Cyber Essentials, any organisation bidding for a contract with the British Government has needed Cyber Essentials certification. In Canada, some, but not all, Government agencies and departments will demand Cyber Essentials certification for contract bids.
3. Customer kudos: Getting Cyber Essentials certification shows your customers that you take cyber security seriously and are taking steps to keep the data you hold about them safe. As well as your certificate, you will be listed on the Cyber Essentials website and be given permission to display a Cyber Essentials logo on your stationery, website and email signature. This is all great for showing customers – and prospective ones – that you’re serious about cyber security.
So what is Cyber Essentials Certification and how can it keep your business safe from cyber attacks? In a nutshell, the scheme is divided into five key areas:
Cyber Essentials guidance breaks these down into finer details, and our toolkit guides you through what you need to do to achieve certification.
And don’t just think that Cyber Essentials applies to business giants like Barclays, Hewlett-Packard and Vodafone, although all three are certified. The scheme is relevant to businesses and other organisations of all sizes.
In more recent times, there has been a push for small businesses, accountants and higher education providers to get certified. Even law firms registered with Lexel – a Law Society legal practice quality mark – are being told they, too, should be Cyber Essentials certified.
Included in our toolkit are policies on everything from firewalls and mobile devices to passwords and cloud computing. There are also forms to help you with your application, handy posters and a gap assessment spreadsheet.
Cyber Essentials certification involves three simple steps:
Once you’ve passed, you will be awarded your certificate, you will be protected against most cyberattacks and your customers and prospective customers will know their data is in safe hands.
Our toolkit costs £199. UK certification costs from between £300 and £600, depending on the certification body, and $1,750 in Canada.
We reckon that’s a small price to pay for peace of mind.
Click here to buy your CertiKit Cyber Essentials Toolkit today.