The government’s Cyber Essentials scheme ensures basic cyber security measures are in place, preventing approximately 80% of cyber attacks. The scheme is centred around 5 controls and ensures that most vulnerabilities are secured. The recent NHS attacks would have been unlikely to have occured if Cyber Essentials had been implemented.
Cyber Essentials helps prevent the vast majority of cyber-attacks. Even a simple virus or piece of malware could result in loss of company and client data disrupt your cash flow and take up lots of time.
An attack could also put off your customers, stop you trading and damage your hard-earned reputation. It could also be reported in the local media. Loss of data could breach the Data Protection Act and lead to large fines or prosecution.
Having a Cyber Essentials badge will:
- Protect your organisation against common cyber threats
- Show your customers you take this issue seriously
- Enable you to bid for Government contracts
Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some IT products and services. Holding a Cyber Essentials badge enables you to bid for these contracts.
Find out more at www.cyberaware.gov.uk/cyberessentials
4 Steps to Simple Compliance
In partnership with CyberSmart we offer a platform that is designed to assist organisations in achieving Cyber Essentials certification as easily as possible. Once organisations are certified, we help them stay compliant.
The platform is designed to assist organisations in achieving Cyber Essentials certification in the easiest and the shortest time possible. The entire process can be divided into four parts.
Step 1: We identify
Scanning for vulnerabilities enables the capability to identify all issues which are not in line with the HMG Cyber Essentials scheme. We use technology to automate the search for weaknesses in your system, so you don’t need any prior technical knowledge. We support identification on both Windows and Mac.
Step 2: We fix
Provided with a list of all devices and their respective issues, the admin can either manually attend to each machine or, can fix issues with one click in the dashboard. For admins with limited cyber security know-how the platform is written in plain English, using smart questions. It offers step-by-step guides and live online support. Our technology ensures good security practices stay in place after certification.
Step 3: We certify
Being secure is only one side of the coin. It is equally important to demonstrate to clients, suppliers and partners that data protection is taken seriously and they are in safe hands. This can help with instilling trust and limit liability in case of a breach. You also receive an official Cyber Essential badge to use online and a physical certificate.
Step 4: We protect
Data security is not a once-in-a-while exercise but an ongoing prcess. Security threats change constantly. For that reason, the sofware is ideally kept passively running in the background, which allows us to provide you with real-time threat information and security updates. All our offers include one year of ongoing support, £25K of free cyber security insurance and online support chat. Additional protection and proactive personal support is available upon request
In order to check device vulnerabilities and configurations, apps are deployed to all devices in the organisation. The apps periodically check and report the compliance status of the device. Upon request the app can be modified to remotely fix issues, or can even automatically maintain the compliance status across all devices. Automated repair is disabled by default.
Within the Partner Dashboard you can see the conformity of every device across all organisations and can email each user a personalised “Steps to Secure” guide that we automatically customise for their setup. Get everyone on the same page, instantly.
There are two different ways to deploy the CyberSmart app onto each device. Individual enrolment is designed for organisations with usermanaged devices or no centralised IT management. This method will send unique individual emails to team members containing a download link for the app.
Bulk deployment is designed for organisations with centralised device management (via group policy, mobile device management or RMM). This method creates a single package for wide, silent deployment.
• A cloud-managed centralised platform allows for reporting and management, while software based apps built for Windows and Mac scan and secure individual devices
• Data platform hosted on AWS (data is stored in multiple availability zones within London and replicated to Ireland for redundancy)
• Each deployed binary is custom built and signed on a per client/user basis
• All communication with the platform is via HTTPS, using strong ciphers
• OAuth 2 authentication for platform and syncing with G Suite / O365
• Utilise SPF / DKIM / DMARC to combat email spoofing
• Utilise DNSSEC to combat domain spoofing
• All API requests are authenticated via pre-assigned UUID
• All data encrypted in transit (TLS) and at rest (AES-256)
• Web Application Firewall and DDoS protection in place, complete redundancy throughout the platform
• Signed package URL’s with expiry and secret note for self-enrolment
• Regular third party auditing and penetration testing
• FIPS 140-2 Level 3 hardware cryptographic modules that provide extended validation code signing for Windows Binaries