There have been many products and services developed to help protect and secure business data, but many have been out of the reach of small to medium sized businesses. In 2014 the National Cyber Security Centre (NCSC) in partnership with the Information Assurance for Small to Medium-sized Enterprises (IASME) developed the Cyber Essentials Scheme.
IASME had already been assessing companies against their IASME Governance Scheme to help small businesses reach security levels close to the expensive and sometimes unattainable ISO27001. The Cyber Essentials Scheme further helped to make cyber security an affordable, achievable and effective protection against over 80% of the known internet-based threats.
Cyber Essentials helps organisations implement basic levels of protection against cyber-attacks. A Cyber Essentials Certificate and the 'tick' badge demonstrates to customers, suppliers and insurers that you take cyber security seriously.
The scheme is available at two levels:
Cyber Essentials Basic - an independently verified self-assessment. Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.
Cyber Essentials PLUS - a higher level of assurance. A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks.
The five basic controls within Cyber Essentials will help to protect against unskilled internet-based attackers using standard tools. The five controls are:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Organisations that undertake Cyber Essentials will need to re-certify every year and where appropriate progress their security.
BC technologies are a Certification Body for the Cyber Essentials Scheme and have been assessing businesses since 2016. We provide a service to prepare companies to reach the required level and assess against that standard, enabling us to protect businesses across the UK and give them peace of mind.
With the introduction of the GDPR in May 2018 and The Data Protection Act 2018, we also provide consultancy services to meet these requirements. This service borrows elements of the Cyber Essentials Scheme along with IASME Governance with specific GDPR questions. a successful assessment will ensure a company is at a compliance level that protects Personal identifiable Information from unauthorised access and help against fines from the Information Commissioner’s Office (ICO).