What To Look For In A Cyber Essentials Assessment Partner

Uploaded on 2022-07-18 in TECHNOLOGY--Resilience, FREE TO VIEW

Earlier this year the National Cyber Security Centre (NCSC) introduced an updated set of requirements for the Cyber Essentials (CE) scheme, representing the most significant revamp of the scheme’s technical controls since its launch in 2014.

The profound changes to the way people work over the past few years has introduced new cyber security challenges for employers. The NSCS update reflects this evolving threat landscape. 
 
Where is your organisation along the road to digital transformation? With many businesses now invested in cloud services and with the widespread adoption of hybrid and remote working practices, the landscape for cyber security is evolving at a fast pace. Does your business ensure that work-critical apps on Bring Your Own Devices (BYOD) are protected? Does your IT estate allow employees to access all their data and files in the cloud seamlessly, in such a way that they can continue to work efficiently and productively anywhere? Reflecting the changes many businesses are now faced with, the remodelled CE schemes now offer organisations up-to-date advice and protection to help deal with the new working world.
 
Choosing An Assessor

The first step in getting your business CE certified is through online assessment. At the most basic level you can download the Cyber Essentials readiness toolkit. Answering questions about your current security posture will help you to create an action plan for your business to meet Cyber Essentials requirements. While this is a good place to start, opting for the more advanced CE+ will ensure your business is fully prepared to face modern cyber security challenges.
 
To gain CE+ accreditation, your business must complete an online assessment, followed by a technical audit to confirm that the necessary Cyber Essentials controls are in place. The audit includes a representative sample of user devices, all internet gateways, and all services that can be accessed by unauthenticated internet users. 
 
There are several benefits of CE+ accreditation. Passing the technical audit shows that your business is serious about combating cyber crime, which is reassuring to current and potential customers alike. But accreditation should also be viewed as an opportunity to fill any gaps in your security defences, to strengthen any weak links, or even identify training opportunities for your employees (often the weakest link in an organisation’s security structure thanks to sophisticated social engineering attacks). 
 
You may already have an assessor in mind to get your business Cyber Essentials certified, but do they thoroughly understand the framework? How much expertise do they have in critical areas such as application, endpoint, and cloud security?

When it comes to CE+ and the associated technical audit, your business is best served by an assessment partner who has the technical background and solutions to remediate any gaps you may have within the updated CE requirements before you take the assessment. 
 
Take, for example, evolving endpoint threats. With many businesses adopting practices such as BYOD and your employees adopting more flexible approaches to working, complete endpoint protection is vital for your organisation. 
 
Can your IT team name all the users within your organisation that need access to data in the cloud, and can they spot any unusual activity in real time? So-called shadow IT has grown exponentially in recent years with the adoption of cloud-based applications and services. And with cloud fast becoming the number one choice for businesses when it comes to managing and storing data and apps, have you ensured that your data in the cloud is secure? Your employees should be able to work productively anywhere in the world, with secure access to all the data and apps they need.
 
Collaborative working requires collaborative solutions that enable all stakeholders to securely share and access all the files and data they need. Who needs visibility of documents within your business? Who has visibility of these documents? Knowing the answers to these questions is crucial if your organisation is serious about keeping sensitive or private information secure. And if your business is subject to industry-specific regulations, your security strategy must include safeguards to keep you compliant. 
 
Whatever point your organisation is at in its digital transformation journey, you are probably already using cloud services and grappling with novel cyber security challenges brought about by hybrid and remote working practices. 
 
The Cyber Essentials schemes have been updated to help your business deal with these modern demands. Take this opportunity to choose a partner who can provide a robust technical audit, has the expertise to deliver technical solutions that are right for your business, and can ensure you ace the Cyber Essentials assessment. 
 
Steve Whiter is Director of Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

 

« Cyber Security In Fintech
Ransomware Is Driving Cyber Security Professionals To Consider Quitting »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

British Assessment Bureau

British Assessment Bureau

The British Assessment Bureau is an ISO certification body. We check conformity and compliance of companies to recognised ISO standards including ISO 27001.

Secure Thingz

Secure Thingz

Secure Thingz focus on developing and delivering advanced security solutions into the emerging Industrial Internet of Things (IIoT) and Critical Infrastructure markets.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

Cyberens

Cyberens

Cyberens provide cybersecurity consulting services in IT sectors relating to defense and space, banking, industrial control systems and IoT.

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

SafeHouse Technologies

SafeHouse Technologies

SafeHouse is a cloud-based, high-end cybersecurity platform that can secure and insure any device that is connected to it.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

VariQ

VariQ

VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government.

Bedrock Systems

Bedrock Systems

BedRock Systems is on a mission to deliver a trusted computing base from edge to cloud, where safety and security isn’t just a perception, it’s a formally proven reality.

ADVA Optical Networking

ADVA Optical Networking

ADVA is a company founded on innovation and focused on helping our customers succeed. Our technology forms the building blocks of a shared digital future and empowers networks across the globe.

Fortify 24/7

Fortify 24/7

Fortify 24×7 provides a robust portfolio of managed cybersecurity solutions to help you identify and prevent attacks.

Fullstack Academy

Fullstack Academy

A trailblazer in bootcamp education, Fullstack Academy prepares students for fulfilling careers in tech through our NYC campus, online learning, and university partnerships.

CyFlare

CyFlare

CyFlare’s security platform integrates your tools with ours – delivering true positives, automated remediation, and interactive analytics built for security management teams.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.

Camms

Camms

Camms are a team of experienced professionals dedicated to providing innovative GRC software solutions that help organizations manage risk, make informed decisions, and drive positive change.