Cyber Essentials and getting your business certified

18 Aug 2021
The Cyber Essentials certification provides you with the tools and knowledge you need to protect your business against common threats.

Backed by the UK government, the Cyber Essentials scheme was created in 2014 to empower companies with the tools and knowledge to keep their data, customer information,  and businesses protected from cyber-attacks.

With cyber security breaches on the rise, we’ve created this guide on the importance of Cyber Essentials and how to get your business certification easily and cost-effectively. 

Naq Cyber is an official Cyber Essentials certifying body. In addition to world-class cybersecurity, data protection policies and GDPR compliance, our customers can achieve their Cyber Essentials certification for a discounted rate of just £250. Click here to view our subscription options or try us for free. 

What is the Cyber Essentials Certification? 

The Cyber Essentials certification provides you with the tools and knowledge you need to protect your business against common threats
The Cyber Essentials certification provides you with the tools and knowledge you need to protect your business against common threats

In addition to highlighting your company’s commitment to cybersecurity, becoming Cyber Essentials certified outlines that your business adheres to a number of technical security controls to protect your and your customer’s data. Specifically, these controls will help your business avoid falling victim to some of the most common cyber attacks, such as phishing and password-guessing. 

There are two certifications as part of the scheme, Cyber Essentials and Cyber Essentials Plus, and both require the implementation and continued adherence to five technical controls.

What are the five technical controls? 

The five technical controls refer to the five things you need to implement as a business to meet the Cyber Essentials certification criteria:

Firewalls: Ensure your business devices are using firewalls to maintain protection from outside networks. This is especially important if they regularly connect to untrusted, external networks such as cafes and airports. 

Maintaining security through settings: Review your device settings, particularly if they’re new to disable any unnecessary sharing settings. Make sure laptops, phones and computers require passwords for access and switch on two-factor authentication for apps and software containing sensitive information. 

User Access and Security: Provide users with only the required level of access needed to carry out their duties, limiting administrative access to specific users if necessary. Maintain a record of all the different software and apps used within your organisation, making sure to revoke access to users no longer in the business. 

Malware Protection: The NCSC outlines several measures to protect your business from malware, including keeping your operating systems up to date and creating allow lists for software allowed on business devices. Read our guide on protecting your business against malware and what to do if you’ve been hacked. You can download our guide right here.

Keep Your Devices Up To Date: In addition to new features,  operating system updates include fixes for new security vulnerabilities, making it one of the easiest and most important things you can do to keep your devices safe. Most devices have automatic update options, allowing these to be installed while you’re not using your device. 

Our Naq platform makes it incredibly easy to keep track of these and additional security actions across your entire business, providing you with precisely what you need to do to meet the Cyber Essentials certification criteria. Click here to start your 30-day free trial.

Which certification is right for my business?

The difference between these certifications comes down to assessment. Cyber Essentials allows you to carry out your own self-assessment, where you’ll review your current cybersecurity measures and implement the five technical controls across your business. This certification level is ideal for smaller businesses looking to implement key cybersecurity measures. 

Cyber Essentials Plus requires a technical assessment where an independent assessor reviews your IT infrastructure across the five technical controls.

Whichever certification you choose, undertaking the certification process will provide you with an overview of your current cybersecurity practices, highlighting areas for improvement and provide you with the guidance you need to keep your business secure.

Looking for actions to implement across your business today? Our 7 Cyber Security Best Practises for Small Businesses get you started with 7 easy to implement cybersecurity actions. 

How do I become certified?

As a Cyber Essentials certifying body, we can guide you through the certification process, outlining which of our security actions you need to complete to meet the CE certification requirements. Additionally, Naq customers can benefit from a discounted certification rate of £250, including all the guidance you need to pass first time. 

Are you looking for assistance with your business security and data compliance? Click here to take a look at everything included with our Naq subscriptions and get started for free.