< Cyber Essentials Certification | BCN

Safeguard Data with Cyber Essentials

Protect your organisation from hacking and attacks with Cyber Essentials certification

What is Cyber Essentials?

Cyber Essentials is a UK Government’s scheme to help businesses protect themselves against cyber attacks and hackers. The scheme gives your organisation a framework of five standard yet essential security controls: Firewalls, Secure Configuration, User Access Control, Malware Protection and Patch Management. Whether your business has the appropriate internal expertise or not, you can use the cyber essentials scheme to help mitigate against ever-present security risks.

What is the scope for software and devices?

Cyber Essentials requirements now apply to all devices and software which fall within the boundary of scope that meet any of these conditions:

01

Can accept incoming network connections from untrusted internet-connected hosts; or

02

Can establish incoming network connections from untrusted internet-connected hosts; or

03

Control the flow of data between any of the above devices and the internet.

What does Cyber Essentials cover?

The Cyber Essentials scheme reviews your systems and zones in on five key control areas:

Network and firewall security

– Ensuring you have basic levels of network security and are safely connected to the outside world.

Security configuration

– Ensuring that you’re implementing the correct security measures across all devices, both infrastructure, and end-user, covering home-working and in-office devices.

Controlling and limited user account access

– Protecting both your end-users and data from internal/external threats.

Malware Protects

– Malware attacks are one of the most significant risks facing businesses today. As such, Cyber Essentials reviews all your devices to ensure they are sufficiently protecting your data and privacy.

Patch Management

– Ensuring all connected devices receive the latest software and security patches.

Cyber Essential Certification

There are two levels of Cyber Essential certifications available for businesses:

Cyber Essentials

Cyber Essentials is the entry-level framework that provides organisations (regardless of size or sector) with a risk assessment and improvement recommendations. The resulting report will help increase awareness and prompt a behaviour change.

Cyber Essentials Plus

Cyber Essentials Plus builds on the basic framework to give you a deeper understanding of vulnerabilities. It does this by scanning all in-scope environments, such as user devices, internal gateways, and servers. However, you must complete the Cyber Essentials assessment first.

BCN Group’s Cyber Essentials Process

To ensure our customers successfully pass their Cyber Essentials assessment, BCN will now perform a readiness assessment of their IT infrastructure. The assessment will ensure any vulnerabilities or issues are resolved prior to your formal Cyber Essentials audit.

 

The assessment will cover your complete inventory of end-users (servers, firewalls, workstations, laptops, company-issued mobile phones, tablets, etc.), including the quantity, Operating System, and build versions, before proceeding to ensure all Operating Systems are supported and are receiving firmware updates.

01

Readiness Assessment

1-day on-site or remote assessment

 

  • Discuss current policies with key stakeholders. 

  • Collation of crucial information to proceed with accreditation. 

  • Technical audit of IT systems in place. 

  • Production of Cyber Essentials Evendine Readiness document highlighting any shortcomings before proceeding with Cyber Essentials accreditation.**

  • ** Any remediation work identified, will be quoted as a separate cost and will need to be completed before Cyber Essentials audit can begin

02

Cyber Essentials

1-day remote consultancy and support

 

  • Assess and gather information on your environment.

  • Minor technical amends can be made (up to 2 hours).***

  • *** Subject to access and any major changes may require additional chargeable time, if the changes are undertaken by BCN we will complete the audit and submission at no extra cost. Where changes are made either by the customer or another party, we will require an additional ½ day to verify the changes and submit the audit

  • Ensure required IT policies are in place.

  • Application completion by BCN Group and submission to IASME.

03

Cyber Essentials Plus upgrade

2-day remote consultancy and support

 

For customers who want to upgrade to CE+ you must have already been accredited to CE; this must be done within 90 days to achieve CE+.

 

  • Internal assessment of up to 10 end-user build samples.

  • External vulnerability scan for up to 16 IP addresses.****

  • **** Depending on customer size, further IP addresses may be needed for scan therefore additional chargeable time may be required.

  • Application completion by BCN Group and submission to IASME.

What are the benefits of Cyber Essentials Certification?

Cyber Essentials accreditation allows you to focus on your core business objectives, offering protection from most cyber-attacks. In turn, you can drive business efficiency, save money, and improve productivity by streamlining processes.

Demonstrate security

Demonstrate to clients, insurers, investors, and other stakeholders that you have taken the precautions necessary to reduce cyber risks.

Increase opportunities

Bid for UK Government contracts that involve handling sensitive information, increasing your chances of securing business within the private sector.

Save money

Insurance agencies look favourably upon organisations that hold a Cyber Essentials accreditation, resulting in lower insurance premiums.

Find out how BCN Group can support your business

Get in touch with the BCN Group security team today to begin the process of becoming Cyber Essentials accredited and ensure your business is protected against cyber attacks.