Reading Time: 4 minutes

Preparing for Cyber Essentials

2nd January 2024 | Modified: 3rd January 2024

Categories: How-to guide

This guide sets out the process of preparing for and gaining the Cyber Essentials and/or Cyber Essentials Plus certification.

By attaining Cyber Essentials certification, your organisation demonstrates a commitment to cybersecurity best practices, instilling confidence in your clients.

 

This certification serves as tangible evidence of an organisation’s dedication to securing sensitive information, fostering trust in an era where data security is paramount.

 

Additionally, Cyber Essentials serves as a proactive approach to compliance with data protection regulations, helping organisations avoid legal and financial consequences associated with non-compliance.

Summary of Certifications

CYBER ESSENTIALS

This is the self-assessment, which involves meeting the criteria set out by IASME, which can be found here.

CNC will help you meet these criteria and then fill out the online form to gain certification.

CYBER ESSENTIALS PLUS

This expands on the above and requires the organisation to have already successfully passed the Cyber Essentials certification. An auditor will remotely scan several machines, servers and your public IP addresses to confirm your network meets the Cyber Essentials criteria.

Pre-Requisites

Both Cyber Essentials certificates are concerned not only with the hardware and software being used by your company, but also with the processes in place for managing the risk posed by cyber criminals.

To be compliant with the criteria, you must have the following set within your company policy. If you need assistance with the wording of these policies, we can assist during your assessment.

 

  • Password Policy
  • Internet Usage Policy
  • Data Protection Policy
  • A structured Starter and Leaver Policy
  • Business Case for Remote Working, e.g. Remote Desktop Access, VPN
  • Home Worker Policy
  • Mobile Device Management Policy

Your Responsibilities

For CNC to be able to complete the accreditation smoothly, you will need to provide certain information in advance.

 

We will send these questions out before the remediation meeting. All of these questions are expected to be answered before the meeting to ensure a smooth certification process.

Remediation Meeting

CNC will gather all the information needed for any required remediations before our meeting. Proposals for the remediation work will be submitted to you and must be signed off.

Many of the remediations will require downtime to your network, so they may be best done outside business working hours. This will all be agreed within our remediation meeting.

The Process Undertaken by CNC

Once the remediations have been signed off, we can start work on your network. The vast majority of the work can be done in the background without any disruption.

Some of the work will require you to make sure your mobiles are up to date and to update any policies that require amendments. The self-assessment is then completed by CNC, and upon completion you will be provided with the certificate.

Cyber Essentials Plus

Once you have gained Cyber Essentials, you can then apply for Cyber Essentials Plus. You have to pass CE Plus within 3 months. As the standards of Cyber Essentials and Plus are the same, there should be no significant work required on your network at this point.

The assessor will arrange a time and date with random members of staff to check over their computers as well as ask them a few security questions. Once this is complete, they will provide a report on whether any parts of the network need updating or changing in order to pass CE Plus.

In Conclusion

In conclusion, Cyber Essentials certification plays a pivotal role in safeguarding organisations against the ever-evolving landscape of cyber threats. As businesses increasingly rely on digital technologies, the need for robust cybersecurity measures becomes imperative to mitigate the risks associated with data breaches, financial losses, and reputational damage.

 

Cyber Essentials provides a structured framework that assists organisations in establishing fundamental cybersecurity practices, ensuring a baseline level of protection against common cyber threats.

 

Furthermore, Cyber Essentials is not merely a one-time achievement but an ongoing process that encourages a culture of continuous improvement in cybersecurity practices. As threats evolve, maintaining Cyber Essentials certification ensures that organisations stay resilient and adaptive in the face of emerging challenges. Ultimately, the importance of Cyber Essentials certification lies in its role as a foundational step towards building a cyber-resilient organisation in an interconnected and digitally-dependent world.

By Paul Stephenson

Paul has spent his career working in IT and telecoms across a variety of business sectors. He has a passion for training and imparting knowledge to people, guiding them to use their systems in the most effective way.