Cyber Essentials for Small Businesses (Part 1)

WHAT IS CYBER ESSENTIALS?

Cyber Essentials is a UK government scheme supported by the NCSC (National Cyber Security Centre). It was launched on 5 June 2014 and is a requirement for suppliers to the central UK government who handle certain kinds of sensitive and personal information.

As it stands, there is no specific data available regarding the exact number of businesses in Ireland that are Cyber Essentials certified. However, it would appear, that the Cyber Essentials certification is widely adopted and growing in popularity within the UK and Ireland, driven by increasing awareness of cybersecurity needs and compliance requirements.

SCOPE OF CYBER ESSENTIALS

Cyber Essentials covers the following key areas (to be discussed in more detail in a follow-up article):

  • Firewalls and Internet Gateways: Ensuring a secure connection to the internet.
  • Secure Configuration: Keeping devices and software configured securely.
  • Access Control: Managing user access to data and services.
  • Malware Protection: Defending against malicious software.
  • Patch Management: Keeping software and devices up to date with the latest patches.

WHY DID MINT TEK CHOOSE CYBER ESSENTIALS?

Mint Tek Circuits chose to become Cyber Essentials certified because it offered a clear and structured path to improving our cybersecurity without incurring significant costs.

At the research stage we did investigate if there were any Irish alternatives to Cyber Essentials and learned that there is the Irish Cyber Security Baseline Standard which was introduced in 2019. This standard aligns with the American NIST Framework, which is a framework of cyber security guidance published by the U.S. National of Institute of Standards and Technology.  There is no formal certification process for this standard, it is but more of a guide for business to follow to become more Cyber secure which is indeed very helpful for many business which use it.

We chose Cyber Essentials as there is a formalized certification process in place, something which was attractive for us, some of the advantages of Cyber Essentials are listed below;

  • Provides formal validation that an organization meets specific security standards.
  • Enhances the credibility and trustworthiness of an organization.
  • Can provide competitive edge in the market.
  • Business is inclined towards continuous improvement.
  • There can be financial incentives around insurance.

TYPES OF CYBER ESSENTIALS

There are two levels of certification within the Cyber Essentials scheme:

1. Cyber Essentials

This is the basic level of certification and involves a self-assessment of the organization’s cybersecurity practices. This article focuses on this level.

2. Cyber Essentials Plus

This is a more advanced level of certification and includes the same requirements as the basic Cyber Essentials but with additional verification through an external technical audit. It provides a higher level of assurance that the security measures are implemented correctly.

FIND AN IASME VENDOR

Once you have decided to proceed with Cyber Essentials, you will need to find a certification body accredited by IASME Consortium to carry out the certification process. The certification body will guide you through the process and conduct the necessary assessments. There are several Irish companies that can provide this service as well as UK based companies. We have worked with Radius Technology Solutions Limited and Cyber Tec Securityto obtain our Cyber Essentials certificate over the last 3 years.

COSTS

Costs for Cyber Essentials basic certification can vary depending on the services offered by the vendor, some offer to grant you unlimited email support or video conferencing support, so depending on their package you can be paying in the range of around €550 – €1000.

Costs for Cyber Essentials Plus can vary significantly depending on the vendor and services offered.

PART 2…

In Part 2, I will provide more details on going through the certification process and describe some of the documents we used to become compliant, which I hope will be helpful to other small businesses.

Share