What To Look For In A Cyber Essentials Assessment Partner

Earlier this year the National Cyber Security Centre (NCSC) introduced an updated set of requirements for the Cyber Essentials (CE) scheme, representing the most significant revamp of the scheme’s technical controls since its launch in 2014.

The profound changes to the way people work over the past few years has introduced new cyber security challenges for employers. The NSCS update reflects this evolving threat landscape. 
 
Where is your organisation along the road to digital transformation? With many businesses now invested in cloud services and with the widespread adoption of hybrid and remote working practices, the landscape for cyber security is evolving at a fast pace. Does your business ensure that work-critical apps on Bring Your Own Devices (BYOD) are protected? Does your IT estate allow employees to access all their data and files in the cloud seamlessly, in such a way that they can continue to work efficiently and productively anywhere? Reflecting the changes many businesses are now faced with, the remodelled CE schemes now offer organisations up-to-date advice and protection to help deal with the new working world.
 
Choosing An Assessor

The first step in getting your business CE certified is through online assessment. At the most basic level you can download the Cyber Essentials readiness toolkit. Answering questions about your current security posture will help you to create an action plan for your business to meet Cyber Essentials requirements. While this is a good place to start, opting for the more advanced CE+ will ensure your business is fully prepared to face modern cyber security challenges.
 
To gain CE+ accreditation, your business must complete an online assessment, followed by a technical audit to confirm that the necessary Cyber Essentials controls are in place. The audit includes a representative sample of user devices, all internet gateways, and all services that can be accessed by unauthenticated internet users. 
 
There are several benefits of CE+ accreditation. Passing the technical audit shows that your business is serious about combating cyber crime, which is reassuring to current and potential customers alike. But accreditation should also be viewed as an opportunity to fill any gaps in your security defences, to strengthen any weak links, or even identify training opportunities for your employees (often the weakest link in an organisation’s security structure thanks to sophisticated social engineering attacks). 
 
You may already have an assessor in mind to get your business Cyber Essentials certified, but do they thoroughly understand the framework? How much expertise do they have in critical areas such as application, endpoint, and cloud security?

When it comes to CE+ and the associated technical audit, your business is best served by an assessment partner who has the technical background and solutions to remediate any gaps you may have within the updated CE requirements before you take the assessment. 
 
Take, for example, evolving endpoint threats. With many businesses adopting practices such as BYOD and your employees adopting more flexible approaches to working, complete endpoint protection is vital for your organisation. 
 
Can your IT team name all the users within your organisation that need access to data in the cloud, and can they spot any unusual activity in real time? So-called shadow IT has grown exponentially in recent years with the adoption of cloud-based applications and services. And with cloud fast becoming the number one choice for businesses when it comes to managing and storing data and apps, have you ensured that your data in the cloud is secure? Your employees should be able to work productively anywhere in the world, with secure access to all the data and apps they need.
 
Collaborative working requires collaborative solutions that enable all stakeholders to securely share and access all the files and data they need. Who needs visibility of documents within your business? Who has visibility of these documents? Knowing the answers to these questions is crucial if your organisation is serious about keeping sensitive or private information secure. And if your business is subject to industry-specific regulations, your security strategy must include safeguards to keep you compliant. 
 
Whatever point your organisation is at in its digital transformation journey, you are probably already using cloud services and grappling with novel cyber security challenges brought about by hybrid and remote working practices. 
 
The Cyber Essentials schemes have been updated to help your business deal with these modern demands. Take this opportunity to choose a partner who can provide a robust technical audit, has the expertise to deliver technical solutions that are right for your business, and can ensure you ace the Cyber Essentials assessment. 
 
Steve Whiter is Director of Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

 

« Cyber Security In Fintech
Ransomware Is Driving Cyber Security Professionals To Consider Quitting »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

Advens

Advens

Advens is a company specializing in information security management. We provide Consultancy, Security Audits and Technology Solutions.

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

DAtAnchor

DAtAnchor

Anchor is simply a better way to protect and control sensitive data. Zero-trust, data-centric security. Simplified.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

Fibernet

Fibernet

Fibernet's innovative solutions in the fields of cybersecurity and fiber optics range from telecommunications infrastructure to small business cybersecurity.

Sitehop

Sitehop

Sitehop is a cybersecurity technology company developing and supplying FPGA hardware-enforced cyber security solutions for networks.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

ADNET Technologies

ADNET Technologies

ADNET Technologies is a SOC 2, Type II Compliant IT management and cybersecurity firm.