Is your organisation properly protected from malware? How do you know if your cyber security is good enough? Luckily, it's easy to find out with UK government-backed Cyber Essentials Certification.
Cyber security audit and certification
UK Government scheme
Self assessment that proves your cyber security is up to standard
For all organisations
Designed for businesses, charities, schools & public sector
Keep your data safe
Follow the 5 baseline principles of cyber security
Who is behind Cyber Essentials Certification?
Cyber Essentials is operated by the National Cyber Security Centre (NCSC). The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.
Who needs Cyber Essentials Certification?
The UK government endorses and encourages Cyber Essentials certification for schools and colleges, charities, public sector organisations and all types of business. The required measures are simple and economical to put in place, yet they protect organisations from around 80% of common cyber attacks.
What are the benefits of getting Cyber Essentials Certification?
Avoid the expense of being hacked
Did you know more than half of ALL organisations in the UK are hacked every year? Completing the self-assessment guides you through the basic defence measures, helping you make sure your organisation is protected against a wide variety of the most common cyber attacks.
Get FREE cyber liability insurance
You can get FREE cyber liability insurance if you certify your whole organisation, and have less than £20 million annual turnover (terms apply).
Your school can qualify for ESFA funding
Schools and other education providers that receive ESFA funding must have Cyber Essentials certification.
Gain more customers with Cyber Essentials Certification
Attract new business and revenues, with proof that you take precautions to protect customers’ confidential data from hacks and leaks.
Win more contracts
You can gain a competitive edge if you include your certification in bids, especially those that involve handling personal data. To bid for some central government contracts, you must have Cyber Essentials certification. This includes any contract for which you will handle personal data.
What are the five Cyber Essentials Certification controls?
The theme across all five controls is consistency. You need to iron out loopholes, make sure you apply the same standards to everything, and keep it all up to date.
Firewalls
Firewalls are a software barrier between your internal networks and the internet. They should be installed on any device that can access the internet, including personal phones that access school or company data. They’re especially important when using public Wi-Fi.
Secure configuration
Disabling or removing unnecessary functions, and changing default passwords, reduces the risk of a security breach.
Access control
Instead of giving all users blanket access to everything in your network, you should only give access on a ‘need-to-know’ basis. All accounts should be protected with strong passwords or two-factor authentication.
Malware protection
Malware such as viruses and ransomware can easily infect your systems if someone is tricked by a phishing email, or through USB sticks. Antivirus or anti-malware software can protect your data. You can also use ‘whitelisting’ and ‘sandboxing’, which means testing an application with no access to the rest of your network to make sure it’s safe.
Patch management
When software manufacturers discover a security loophole in their software they release a ‘patch’ to close it. You should install every update as soon as it’s available. Never use old software that a manufacturer is no longer supporting in this way.
How to get Cyber Essentials certification
The National Cyber Security Centre (NCSC) has a partner called the IASME Consortium, which issues certifications. There are two levels of certification.
Cyber Essentials Certification
For the basic certification, your businesses and organisation must complete a 28-page self-assessment questionnaire that checks five categories of basic security controls. A qualified assessor then verifies the written information you provide.
You can download the self-assessment questionnaire in advance, free of charge.
Cyber Essentials Plus Certification
This higher level of certification covers the same five security controls, but each is independently verified by a hands-on technical audit. If you fail your Cyber Essentials Plus audit, you have just 7 days to rectify any issues it highlights.
”Treat passwords like underpants. Change them often, and never share them!
Flywheel Helpdesk
“
Working through our Cyber Essentials Certification with Flywheel showed up a few gaping holes in security that we were shocked we had overlooked. The whole exercise was worth every penny.
Why use Flywheel’s help?
We have helped companies across the UK obtain their Cyber Essentials Certification and beef up their security solutions.
We’ll help if you’re not technical
If you do not have a technical IT background – especially if you have a complex company structure – some of the Cyber Essentials self-assessment questions can be difficult to understand. Our qualified cyber security specialists can help you answer the assessment questions accurately.
If you are technical, we’ll save you time
If you do have IT professionals in-house, completing either level of certification can still be very time consuming. We can help you and significantly speed up the process.
We can implement cyber security measures if you need them
If you need to make changes to fulfil the requirements, we can advise you on what needs doing, or implement them for you under our managed services contract.
Get Cyber Essentials Certification with our help
The benefits include free cyber insurance, school funding, winning more procurement bids, retaining customers and, above all, peace of mind that your organisation is safe from ransomware and data theft.
How it works
Useful links and further information
National Cyber Security Centre (NCSC) Cyber Essentials website
