IASME Cyber Essentials FAQs

IASME Cyber Essentials was introduced by the UK Government to help small businesses tackle cyber threats and prove to their customers and clients that they have sufficient security measures to mitigate the most common security risks.

Cyber Essentials has grown in popularity. Back in 2015, 1,000 companies became Cyber Essentials compliant. Fast forward to today, and awareness of cybersecurity has grown significantly, with 77% of businesses reporting cybersecurity to be a high priority for their directors or senior managers.

Security has taken a higher priority, and IASME Cyber Essentials is an ideal starting place for a business of any size. For other businesses, supply chain requirements or industry regulation have forced their hand, requiring them to gain IASME Cyber Essentials in order to do business. In this article I cover some of the questions I am most frequently asked about the certification.

Why was Cyber Essentials launched?

IASME Cyber Essentials was launched back in 2014 by the Government in recognition that there wasn't a compliance standard out there suited to small businesses. ISO 27001 was the only security industry standard available, and it was very complicated and not really suited to small businesses. Cyber Essentials was launched to fill that space.

 

Cyber Essentials requirements

IASME Cyber Essentials has five controls, which are designed for small businesses:

  1. Malware protection
  2. Firewall control
  3. Access control
  4. Secure build
  5. Access management

Amazingly, they can mitigate against 80% of the cyber attacks at the moment. I am a big believer in MED, minimal effective dose, and these five very basic controls can really protect small businesses against cyber attacks.

The National Cyber Security Centre has created a really good leaflet that summarises the Cyber Essentials controls; download it here.

 

Why do small businesses choose Cyber Essentials?

There are really two reasons why businesses choose to become certified through IASME Cyber Essentials:

    1. To show their willingness to protect their business, and ultimately their customers' and their suppliers' data, against cyber attacks.

    2. We are also seeing businesses being forced by the supply chain to have these compliance measures in place. It is regulatory. Clients approach us because their contract stipulates that they must have Cyber Essentials. The reason for this is that there is a big, ongoing issue with supply chain threats, where cyber criminals and hackers try to infiltrate the supply chain. The bigger companies are being targeted through the smaller businesses. Attackers are using the small businesses as a weak link in the chain to attack the larger organisations.

Cyber Essentials self-assessment

IASME Cyber Essentials is, in its most basic form, a self-assessment. The assessment is done online through the IASME website. IASME is a Government partner, chosen by the National Cyber Security Centre to lead the certification.

Download a copy of the self-assessment questions.

 

Cyber Essentials cost

The cost of the Cyber Essentials assessment is £300 + VAT. This does not include the cost of the security defences that you need to pass the certification, such as firewall controls and malware protection. You may also need to take into consideration the time you need to create new documentation, implement policies or undergo ongoing audits.

Many businesses work alongside a security partner to ensure they are compliant and pass first time. There are a variety of service levels you can choose from. Some services simply complete the self-assessment on your behalf, which can cost in the region of £300-500 (not including the cost of the assessment). Other providers offer a more in-depth service. IT and security companies, such as Superfast IT, help small businesses through Cyber Essentials consultancy. We, for example, offer a fully managed service for a fixed fee of £100 per month, which includes the cost of the assessment.

As part of the cost, we perform an initial gap analysis and ensure that all required security controls are properly configured before submitting the self-assessment. That way you can be safe in the knowledge that your security is installed, maintained and regularly updated with the all-important security patches. We also complete ongoing security audits, as the certification stipulates.

Find out more about our Cyber Essentials consultancy service or speak to one of our experts.

 
