NCSC logo

About

How can Cyber Essentials help you?

Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.

Three levels of engagement

Not everyone has the time or resources needed to develop a full-on cyber security system. So we’ve designed Cyber Essentials to fit with whatever level of commitment you are able to sustain. There are three levels of engagement:

  1. The simplest is to familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.

  2. If you need more certainty in your cyber security, you can go for basic, or entry level Cyber Essentials certification.

  3. For those who want to take cyber security further, you can go for Cyber Essentials Plus certification.

Certification explained

Cyber Essentials

Our self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

The process of obtaining Cyber Essentials Certification is simple and costs around £300. Along the way, you can opt to buy as much or as little help as you need from the company you choose to certify you. You can learn more about the process here.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

Cyber Essentials Plus

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but this time the verification of your cyber security is carried out independently by your Certification Body.

The more rigorous nature of the certification may mean you need to buy additional support from your Certification Body.

Cyber Essentials and GDPR

The GDPR is a far reaching set of regulations, intended to guarantee the privacy of individuals and protection of personal data, within the European Union.

Although the regulation demands that you take appropriate measures to protect the integrity and confidentiality of any personal data you hold, it does not provide a check list of measures for you to take. Instead, it specifies that you must determine your own cyber security approach based on the personal information you hold and the risk to individuals were that information be lost or compromised. The NCSC has published some information on the relationship between GDPR and cyber security.

Cyber Essentials can help with this, but it’s not a solution for all your GDPR obligations. It’s also important to realise that the information security which GDPR requires extends beyond cyber security to include things like the physical and organisational security measures necessary to protect personal data.

The Information Commissioner’s Office (ICO), whose job it is to uphold the GDPR in the UK, recommends Cyber Essentials as ‘A good starting point’ for the cyber security of the IT you rely on to hold and process personal data. Our technical controls will give you a solid base on which you can build your cyber security as appropriate.

The GDPR came into effect on 25 May 2018.

Cyber Essentials and Government Contracts

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification. More information is available here.