Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
What is Cyber Essentials and Cyber Essentials PLUS?
Cyber Essentials is the government endorsed standard which helps businesses prevent the vast majority of cyber attacks. Businesses rely more and more on their IT systems but often overlook the need to have them tested and adequately protected. With the rise in viruses, ransomware and targetted attacks, it is only a matter of time before a cyber criminal comes knocking at your businesses door. If you have not taken simple steps to close the front door and lock the front door then cyber criminals can easily get into a lot of systems.
When you complete Cyber Essentials you will get a badge which enables you to prove to your clients that you have met the government endorsed standard. That you have protected your organisation from the most common cyber attacks and that you take your business IT security seriously.
There is now a strong push by the government to force this to be the new base line for many businesses. So much so that now you must achieve Cyber Essentials in order to be a supplier of Government contracts which involve handling personal information. More information regarding this can be found here
What options are there for SME's?
This is the standard that involves filling out a self assessment questionnaire, with responses reviewed by a qualified Certification Body such as ITWiser. ITWiser are a Certification Body for Cyber Essentials.
After obtaining Cyber Essentials, a business should aim to get Cyber Essentials Plus. Cyber Essentials Plus requires Cyber Essentials first and extends on this by testing the systems you have in place. Highly trained IT security professionals carry out these tests using the tools and techniques real world hackers do to test your network is setup correctly. ITWiser is a certification body based in Yorkshire who are qualified to carry out Cyber Essentials Plus tests.
Having carred out Cyber Essentials and Cyber Essentials Plus with ITWiser, the next logical step is to look at Information Assurance for SME's (IASME). The IASME standard was developed to target SME's for which obtaining a qualification such as ISO 27001 was going too far and very expensive to do for a business. The IASME standard is written along the same lines as ISO 27001 but have been designed for small companies. It enables small companies and those forming part of a supply chain for a realistic cost to demonstrate that they properly protect their customer information. This is available as self assessed or fully assessed by an independent auditor such as ITWiser and proves that SMEs follow good best practices.