Cyber Essentials Certification

With Cyber Essentials certification now being a prerequisite for supply to many public sector projects, Metsec decided to undergo assessment according to the scheme’s requirements as the introduction.

As the company’s Sales Director of Framing explains, the initiative has benefits to both private and public sector customers: “Cyber Essentials is not just about ticking boxes to guarantee consideration on public sector projects. It adds another layer of assurance for all Metsec customers who can be confident that our data and that which we hold on their behalf is as secure as it can be, and that we take this security very seriously.

“Even with ISO 27001 accreditation, we were not guaranteed certification under the scheme. We still had to make one or two adjustments to our procedures for software updates to assure success.”

In line with all of the company’s operations, Metsec’s information security systems are backed by extensive insurance policies covering employer, professional, public and product liability.

What is cyber security?

Firstly, let’s clarify what we actually mean by the term cyber security. It refers to how individuals and organisations reduce the risk of cyber attack. Cyber security’s main function is to protect the devices we all use (such as smartphones, laptops, tablets and computers) and the services we access from theft or damage.

It’s also about preventing unauthorised access to the vast amounts of information we store on these devices, and online.

Cyber security is important because smartphones, computers and the internet are now such a normal part of everyday life that it’s difficult to imagine how we’d function without them. From online banking and work to socialising and shopping, much of our data and lives are stored digitally, so it’s more important than ever to understand cyber security. It is important to always keep ahead of cyber criminals and prevent them from getting hold of our accounts, sensitive data, and access to devices.

Industries at risk from cyber attacks

Every industry is at risk of a cyber attack. However, there are some particular industries that have been classified at a higher risk of becoming victims of cyber attacks due to organised criminal activity. This includes financial systems, utilities and industrial services, consumer services, aviation and large corporations.

The computer systems of financial regulators and financial institutions are prominent targets for cyber criminals interested in manipulating markets for gain. Websites and apps that accept or store credit card numbers, brokerage accounts, and bank account information are also often targeted because of the potential for quick financial gain from transferring money, making purchases, or selling the information on the black market. Desktop computers, laptops, tablets, and smartphones are often targeted to try to gain the passwords or account information from online banking.

What is the Cyber Essentials Scheme?

Cyber Essentials is designed to help organisations guard against cyber attacks, including malware, ransomware and phishing. Companies have a legal obligation to protect customer information to the highest standard, and the consequences of a cyber attack can be distressing for individuals and organisations.

Who developed Cyber Essentials?

The British Government collaborated with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials. It was officially launched in 2014. Cyber Essentials is essentially a set of basic technical controls that can be used to help organisations protect themselves against common online security threats and cyber attacks.

What does the Cyber Essentials Scheme offer?

The scheme proposes five key areas of control which are designed to prevent cyber attacks: firewalls to secure internet connections, security settings for devices and software, controlling access to data and services, protection from viruses and malware, and software updates. The scheme enables organisations from any industry to gain one of two types of Cyber Essentials badges. It is supported by industry, including the Federation of Small Businesses, the CBI and a number of insurance organisations.

You can use the National Cyber Security Centre’s search service to find out if an organisation has a valid Cyber Essentials certificate issued in the last 12 months. The service could be used by businesses wanting to collaborate with other organisations and ensure they are actively protecting themselves against cyber threats and attacks.

Some useful facts about Cyber Essentials:

  • All Cyber Essentials certificates expire after 12 months when issued by IASME.
  • If you purchase the certificate using the verified self-assessment, it will generally cost £300 + VAT. However, costs do vary depending on the size and complexity of a network if you are looking to get Cyber Essentials Plus.
  • The scheme is also available for overseas organisations.
  • It usually takes IASME one to three working days from the time the assessment is submitted to provide a response.

How are Cyber Essentials assessments verified?

Once an assessment is completed, an IASME board member signs a declaration to confirm that the assessment answers are true. A qualified assessor who works for a Certification Body then evaluates the responses.

How to protect yourself online

Install an SSL Certificate on your website – An SSL certificate is a protocol for encrypting internet traffic and verifying server identity. If a website’s address starts with HTTPS then it uses an SSL certificate. SSL certificates help to make a site extra secure and protect information. Where websites do not have an SSL certificate, many web browsers now provide a ‘not secure’ warning.

Apply a firewall – This will help make it harder for a device to become infected with malware. Malware is malicious software designed to infiltrate or damage a PC or network covertly so you do not know what is happening.

Create unique passwords – It is important to ensure you change passwords often in case any information has been compromised previously. This also makes it harder for cyber hackers to access your accounts. You should make these passwords different for various accounts and add special characters.