Cyber security accreditation is important, but it makes you wonder what it actually means, what do you have to do to achieve it and is it regulated?
What’s your first thought when you see the ‘Cyber Essentials’ logo on somebody’s web site? “Wow!” … maybe, “That’s reassuring.” … possibly, “ Yeah – whatever, they just clicked ‘yes’ to all the questions and hit ‘Submit’” … almost certainly.
The Cyber Essentials certification framework is designed to inspire confidence in the UK supply chain by providing organisations with a checklist to ensure that they are complying with cyber security best practice. A very noble cause, except that the basic version of Cyber Essentials (i.e. without the ‘Plus’ at the end) is a self-certification process. This means that it relies solely on trust. Trust that the organisation you are dealing with will take the appropriate security measures to protect your sensitive data when it is in their hands.
As a nation, we Brits are a trusting lot. We place great store in the integrity of our fellow countrymen. Unfortunately, we can also be a bit, well … naïve. That’s why you need to be appraising your partners based upon the ‘Cyber Essentials Plus’ accreditation. Why? Because the ‘Plus’ at the end means that an external assessment body has verified your cyber security posture.
Sounds simple? Don’t be fooled. The external verification process is very rigorous. It involves penetration testing, simulated virus ingress, and malicious script testing on your end-user devices (to name just a few tests). The end result, however, is well worth the effort, as you can a stick a logo on your website that gives genuine assurance on your organisations cyber security posture.
Not sure where to start? Simple, as a Cyber Essentials Plus accredited, next-generation security provider; we can step you through the process of getting verifiably secure. After all, your fellow Brits have got enough on their plates to worry about at the moment, without having to worry about your security.
Find out in our blog post here.