The difference between Cyber Essentials and Cyber Essentials Plus

What is Cyber Essentials and why do I need it?

Cyber Essentials is suitable for any organisation, with both Cyber Essentials and Cyber Essentials Plus available. It can be highly rewarding, both educationally and in terms of protecting your business.

Whilst often great for SME’s, achieving the certification is often also beneficial to larger organisations, particularly when bidding for government contracts. This is the perfect way of demonstrating your cyber security commitment to stakeholders, whilst ensuring you’re protecting your business.

Cyber Essentials- Stage 1

The first stage in Cyber Essentials certification is self-assessed and independently verified. The scheme covers the five main technical controls of:

  1. Securing your internet connection (firewalls and routers)
  2. Securing your devices and software (secure configuration)
  3. Control access to your data and services (access control)
  4. Protection against viruses and other malware (malware protection)
  5. Keeping your devices and software up to date (software updates)

To be awarded this level of Cyber Essentials you must complete a questionnaire and answer a series of 70 questions, divided up into 8 sections. Before submitting your completed assessment, your answers will be approved by a board level representative or business owner.

Cyber Essentials Plus- Stage 2

Once you have completed the first stage of Cyber Essentials, you’re ready to get your ‘Plus’ certification. This is the more advanced level of certification with Cyber Essentials. This sees a more rigorous test of your organisation’s cyber security systems, where experts carry out vulnerability checks to make sure that your organisation is protected from basic hacking and phishing attacks. You must first achieve your Cyber Essentials certification before moving on to the Plus level. Whilst you must still achieve the same controls as the initial stage, the certification process is more in depth. Cyber Essentials Plus includes an independent technical audit. To be awarded this certification the tests are carried out on your premises, with manual testing and monitoring.

Let us give you a helping hand

At a first glance this can seem daunting, but we promise to guide you through every step of the way. Not only are these practices great for achieving your certification and showing this off to your stakeholders, you’re also vitally protecting your business at the same time. A real win-win scenario.

Talk to our team about where to start on your journey of Cyber Essentials and start taking the necessary steps today.