Cyber Essentials…

Cyber Essentials

Your business is at risk from cyber criminals. They are after your data, confidential information and your money! But help is at hand … in the form of Cyber Essentials, a scheme designed by the Government to make it easier for you to be protected.

Cyber Essentials requires your organisation to have five technical controls in place:

1. Boundary firewalls
2. Secure configuration
3. User Access control
4. Malware protection
5. Patch management

And it offers a certification process so you can demonstrate that you have taken the essential precautions. 

Why Get Certified

Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Implementing these measures can significantly reduce your vulnerability.

It does not offer a silver bullet to remove all cyber security risk. But it does define a focused set of controls that will provide cost-effective, basic cyber security for organisations of all sizes.

In 2017, the WannaCry ransomware cyberattack crippled the NHS and infected computers in 150 countries - it’s organisations of all sizes that are at risk.

Failing to protect your business can be costly in other ways, too. One company that suffered a cyber attack, before the introduction of the GDRP was fined £60,000 by the Information Commissioner’s Office (ICO). An investigation by the ICO found Berkshire-based Boomerang Video Ltd failed to take basic steps to stop its website being attacked.

Cyber Essentials certification will help you to avoid suffering an attack or being penalised for a lack of action. It is also worth noting that fines under the General Data Protection Regulation (GDPR), can be up to 4% of global turnover or €20M, whichever is higher. You can see some of the recent fines here.

We can help you along the path towards having the technical controls in place and gaining certification.

Cyber Essentials and GDPR

GDPR, which came into effect on May 25, 2018, is intended to strengthen and unify data protection for all individuals within the European Union. It is the most important change in data privacy and security regulation in 20 years.

Some of its key points are:

• Increased fines.
  Fines can be up to 4% of global turnover or €20M, whichever is higher.
• Opt-in consent. 
  Users must give clear unambiguous consent for their data to be collected and processed. And you must have proof of how, why and when the consent was given.
• Breach notification. 
  The ICO must be informed within 72 hours of any data loss and users informed “as soon as possible”.

The Cyber Essentials scheme offers a big step towards being compliant with GDPR and most likely will put you ahead of competitors, many of whom will be dragging their heels.

The Process to Cyber Essentials Certification

We will work with you to ensure the correct processes are in place for each of the five technical controls to help you to gain Cyber Essentials Certification. This will include:

1. Preventing unauthorised access with boundary firewalls.
2. Setting up systems securely using secure configurations.
3. Restricting access to those who need it with user access control.
4. Using anti-virus software as malware protection.
5. Updating software for patch management.

This will be partially achieved through a pre-questionnaire as well as gap analysis. We will then be able to score your current state and propose a plan to rectify any issues, with work being conducted by your own team or by one of the experts here at Mirus.

The material on this page contains public sector information licensed under the Open Government Licence v3.0.

Cyber Essentials and Mirus IT

In order to demonstrate our commitment to Cyber Security, Mirus IT has invested in achieving not only Cyber Essentials, but also our Cyber Essentials Plus Certification.

Having this higher-level of government backed certification gives our clients, suppliers, and partners confidence that their IT is in safe hands when partnering with Mirus.