Andrew Coyle, Head of Information Security at Smartdesc, explains how non-profits can achieve Cyber Essentials and Cyber Essentials Plus accreditation to demonstrate their cyber security commitments to funders, supporters and other stakeholders:
What is Cyber Essentials?
Cyber Essentials is a government-backed certification introduced following concerns that organisations were not putting the basic technical controls in place to protect themselves against the most common internet-based attacks.
- Cyber Essentials is a standard that helps organisations effectively establish the five core controls that have been shown to prevent most cyber-attacks.
- Most cyber-attacks are untargeted and use commodity tools to attack large numbers of devices, services and users at the same time in an indiscriminate way.
- Cyber Essentials will help an organisation defend against this type of attack. The process of putting in place the five core controls will eliminate all the common security gaps that up to 90% of cyber-attacks rely on.
What is the difference between Cyber Essentials Basic and Cyber Essentials Plus?
- Cyber Essentials Basic is a self-service questionnaire covering five key areas with a check on whether an organisation has met the requirements for each area. It’s honour-based; there’s no marking of your answers.
- Cyber Essentials Plus is broadly the same criteria, but adds an independent technical audit to determine that the controls captured in the self-service questionnaire are working effectively.
- We recommend Plus because the audit often unearths other areas to tighten around security. Whether you proceed with Basic or Plus is sometimes driven by demand, e.g. if you need the certification as part of a funding bid, Basic can be achieved fairly quickly, but if you want to test that you genuinely have effective IT Security fundamentals in place, Plus is the option for you. You can start with Basic then step up to Plus later, and it should be renewed annually because – as we all know – a lot can change in a year!
- Depending on how much remediation work is needed to meet the standard, Basic usually takes 1-2 weeks and costs around £1,000, and Plus can take 4 – 8 weeks and can cost around £3,000 depending on the size of the organisation.
What are the benefits of Cyber Essentials?
- For organisations starting to think about Cyber Security, the Cyber Essentials Scheme is a good starting point and offers a clear framework to ensure the basic fundamentals are in place and working.
- Being Cyber Essentials certified may help an organisation with proposals or bids as it shows organisations that you are thinking about how to secure the information in your organisation.
- More and more we are seeing Cyber Essentials being a mandatory requirement in bids and proposals and this is likely to be the norm for all bids and proposals at some point moving forward.
- It reassures your board, beneficiaries or stakeholders that you take cyber security seriously. Note that it only covers the fundamentals though and should be part of an overall security strategy that also includes areas such as user awareness training on security – especially how to spot malicious emails, which is by far the biggest cause of cyber breaches worldwide.
Find out more about Cyber Essentials and Cyber Essentials Plus:
Smartdesc are a Cyber Essentials Basic and Cyber Essentials Plus certification body, which means that we can assess organisations against the standard and issue the certificate where an organisation meets the Cyber Essentials standard's requirements.
Smartdesc can also help you to prepare for your upcoming re-certification. If you are unsure where to start or would like some support with your certification please get in touch.
Smartdesc specialise in helping charities and non-profit organisations define and deliver their IT and Digital Strategies, as well as helping many organisations cut their IT costs, migrate to remote working platforms such as Office 365 and Teams, and improve their Data Protection and GDPR resilience.
To book some complimentary time to discuss Cyber Essentials, charity technology, budgeting, or any other IT challenges you may have: email: firstname.lastname@example.org
Smartdesc is an NCVO Trusted IT Supplier, ACEVO Premium Partner and CFG Partner.