Looking to become Cyber Essentials Plus Certified?

Wed, 9 Oct 2024

Our Guide to Becoming Cyber Essentials Plus Certified

The Cyber Essentials scheme is a simple way for any organisation to ensure that it has adequate security controls in place to protect against a cyber security attack. Cyber Essentials Plus is the highest level to which this certification process can be taken, and the certificate is valid for 12 months. Security threats are always changing, so Cyber Essentials Plus is regularly updated to deal with the latest threats. This is what you need to know about becoming Cyber Essentials Plus certified.

Cyber Essentials Plus vs ISO 27001?

Cyber Essentials is much more suitable for smaller organisations, as it covers far fewer areas than ISO 27001. It can be difficult for smaller companies to demonstrate their compliance with ISO 27001, because the implementation of an ISMS can involve a lot of complexity. The government Cyber Essentials accreditation is a much easier path, as it focuses on essential security controls alone. In summary, the government scheme is far less overwhelming if you’re a smaller business.

Actions Required to Pass the Cyber Essentials Plus Assessment

  • Ensure that software on all devices and servers is up to date. You or your IT Support partner should be applying high- and critical-risk security patches within 14 days of release. It’s especially vital to do this across the board when it comes to Cyber Essentials Plus.
  • Complete a review of your antivirus software configuration. Antivirus software needs to be up to date on all devices and servers and the signatures should be updated within a 24-hour window. If there’s an option to turn on automatic updates, it’s a good idea to make sure that this is done.
  • Disable any internet-facing services that are no longer required. It’s also a good idea to ensure that, where any internet-facing services require authentication to access organisation/user data, there is some type of brute-force attack mitigation established.
  • Make sure all cloud users are required to complete multi-factor authentication. This will be required to remain compliant and is essential protection.
  • Enforce account separation. What this means is that if there is someone who has an administration account, they also have a separate user account for day-to-day work. This is to ensure that the administration account is only being used for admin tasks.

What is an Assessor Likely to be Looking For?

Ready to pass the scrutiny of an external Cyber Essentials Plus assessor? That assessor is likely to be:

  • Carrying out an external network vulnerability scan on the public IP address your organisation uses to highlight vulnerabilities in internet-facing services. All high-risk vulnerabilities must be remediated in order to get certified.
  • Carrying out device/server vulnerability scans. An assessor will sample workstations and servers that have a desktop GUI and look for any patch-related vulnerabilities that an attacker could exploit. These will then need to be remediated to get certified.
  • Testing general malware protections. This will include testing antivirus, as well as looking at devices to ensure they have been configured for optimum security.
  • Testing email client protections against malware. This will include sending infected emails to see whether they are being filtered before they reach a user’s mailbox.

Become Cyber Essentials Plus Certified

If you’re considering becoming Cyber Essentials Plus certified, there are many benefits to doing so, including fulfilling customer requirements and getting clear guidance on how to make your business more secure. You’ll also get a certificate and can use the Cyber Essentials Plus logo, reinforcing your credibility with potential customers. Here at S.A.D.S, we can help you achieve this. Get in touch today and let’s progress together. Fancy talking to a human instead of emails? Give us a call on 0344 8111167.
