ORGANISATIONS IN the UK are set to benefit from a refreshed Government-backed scheme which supports them to protect themselves against the majority of cyber attacks (including ransomware).
Cyber Essentials, which is developed by the National Cyber Security Centre (NCSC) – itself a part of GCHQ – and delivered by IASME, is a certification scheme that supports organisations of all sizes to guard against online threats and demonstrate a commitment to cyber security to customers and stakeholders.
The certification scheme has been updated following a major technical review which will help organisations to maintain their minimum cyber hygiene in an evolving threat landscape. Among the main changes are revisions to the use of cloud services, home working, multi-factor authentication, password management and security updates.
Through the Cyber Essentials scheme, businesses can learn how to defend themselves by securing Internet connections and devices, controlling access to data and understanding how to protect against ransomware.
The benefits of achieving certification include being able to reassure customers that the data held by an organisation is resilient to an attack, the ability to attract new business with the promise that cyber security measures are in place and also having a clear picture of the cyber security level.
Constantly changing landscape
Chris Ensor, deputy director at the NCSC focused on cyber skills and growth, said: “The landscape in which organisations are operating in cyber space is constantly changing. This major refresh of the technical controls reflects the cyber security challenges of today.”
Ensor added: “We’ve strengthened the Cyber Essentials scheme such that it continues to meet evolving threats and the increased risk of ransomware. I would encourage UK businesses of any size to take part in this scheme in order to protect themselves from the most common attacks.”
Many of these changes have been developed by the NCSC based on the feedback of assessors and previous applicants to the scheme, as well as consultation with members of the Cloud Industry Forum.
From now, the refreshed Cyber Essentials scheme will also incorporate a renewed pricing structure which better reflects the increasingly complex nature of assessments for some organisations.
Achieving Cyber Essentials certification allows businesses to reassure customers that they have put measures in place to secure their IT against cyber attacks. They can then attract new business with the promise that they have independently verified cyber security measures in place.
Further, organisations have a clear picture of their cyber security level and can also apply for some Government contracts which require Cyber Essentials certification.
*Further information for businesses on how to achieve Cyber Essentials certification can be found on the IASME website
**The NCSC has written a blog post outlining the latest changes to Cyber Essentials