Last updated June 2021
Does it seem like every organisation has these logos on their website?
I know what you're thinking.
What do the logos mean? How do I get them?!
Well, let me just say now, please don't think that downloading the image from Google and uploading it to your website will suffice. You'd end up in A LOT of trouble (but I'll explain it all very soon).
Understandably, you're not even sure if these logos have any significance to your organisation.
I mean just because they're everywhere, it doesn't mean they're valuable, right?
Well, you'll quickly realise, this little Cyber Essentials logo could be the difference between elevating and losing your organisation.
I know you're thinking that is a pretty dramatic statement but for many organisations, it's an incredibly thin line.
Anyway, I'm getting ahead of myself!
It's easy to get lost in the world of Cyber Essentials, so let's start with the fundamentals of Cyber Essentials.
In essence, the UK Government are trying to help your organisation become more safe and secure. The Government want to see fewer breaches, fewer attacks and ultimately, less private data becoming public.
This is why the Government created the '10 Steps to Cyber Security' scheme (which you can see below) and this scheme formed the foundation of the Cyber Essentials scheme.
Cyber Essentials implements 5 technical controls to help your organisation reduce the cyber threat by 80%.
Yes, you are reading that correctly and it isn't a typo.
Cyber Essentials will guarantee your organisation a reduction of 80% from the cyber threat and so you're probably wondering, what are these 5 technical controls and what do they do?
- Firewalls and Internet Gateways - Cyber Essentials certification requires that you configure and use a firewall to protect all your devices, particularly those that connect to public or other suspicious and unreliable Wi-Fi networks.
- Secure Configuration - Cyber Essentials certification requires your organisation to only use software, accounts and apps that are frequently used. The key here is that they need to be a necessity to your organisation.
- Access Control - Cyber Essentials certification requires that you control access to your data through user accounts. Also, administration privileges are only given to those that need and furthermore, the use of the data with those accounts is controlled.
- Malware Protection - Cyber Essentials certification requires that you do at least one of the following to defend against malware:
- Install anti-malware software
5. Patch Management - Cyber Essentials certification requires that you keep your devices, software and apps up to date.
There are two types of Cyber Essentials certifications - Cyber Essentials and Cyber Essentials Plus. It's important to know the difference between both certifications and which certification fits best for your organisation.
An 80% reduction is a huge benefit of Cyber Essentials but you're probably wondering why else so many organisations have decided to buy Cyber Essentials.
Why become Cyber Essentials certified?
As you know, Cyber criminals want your data. The skill level of a cyber criminal can vary but when it comes to SMEs (Small and Medium Enterprises), even the most basic cyber criminal can hack into your systems IF you don't have the correct measures in place.
The guys over at Business Matters Magazine have done a great job conveying the importance of cyber security to SMEs and it is definitely worth checking out after you're finished here!
With the 5 controls I've mentioned above being fully implemented at your organisation, you'll have prevented a large number of competent cyber criminals from gaining access to your data as well as reducing the overall threat by 80%.
What can Cyber Essentials do for your organisation?
So why else would someone want these logos on their website? To understand this on a deeper level, we need to dive into the benefits of Cyber Essentials which can bring value to your organisation in different ways.
I've already mentioned the 80% reduction in cyber threat but another major benefit of Cyber Essentials is enhancing your reputation.
Customers and clients will come onto your website and see the logo and know their data is in safe hands. Believe me, they will have more respect for you because you showed respect to their data.
Cyber Essentials can also help you land those Government contracts that you've always hoped for.
For most organisations, this is a big aim and dream, but you legally need to be Cyber Essentials certified, as it is a requirement to be able to bid for and land a Government contract.
To further understand the benefits, feel free to check out '10 surprising benefits of Cyber Essentials'.
The Cyber Essentials Process
Now that you understand what the logos mean, let's talk about how you can go about getting those logos onto your own organisation's website.
Getting the Cyber Essentials logos on your website is a four-step process:
- Choose a Certification Body
- Meet the Cyber Essentials standard
- Pass Cyber Essentials
- Add Cyber Essentials Logo to your website
Choosing a Certification Body
Certifying bodies have the power to assess and certify organisations for Cyber Essentials and operate under an Accreditation Body.
Since April 2020, IASME (Information Assurance for Small and Medium Enterprises Consortium) has been the sole Accreditation Body and partner of the NCSC with Certification Bodies working on their behalf across the country to deliver the Cyber Essentials scheme.
Prior to this, there were actually 5 Accreditation Bodies, but the Government decided there should just be one, in order to make the process more streamlined and less confusing for certifying businesses.
Cyber Tec Security are an example of a Certification Body as we can certify an organisation for Cyber Essentials and we're aligned with IASME.
Choosing a Certification Body will depend on the kind of experience you want. While all are able to grant you the Cyber Essentials certification, pricing and packaging could be different and the certification delivery will differ from business to business.
My advice? Ask yourself what you want and do your research!
Meeting the Cyber Essentials standard
To be able to meet the Cyber Essentials standard, your IT infrastructure needs to meet the requirements to be able to begin the technical process. You can view the requirements for IT infrastructure here.
Passing Cyber Essentials
With the guidance of your Certification Body, you will be able to tick off every aspect of each technical control. I'm being quite literal too, there is a self-assessment questionnaire which you'll need to tick off as you go along.
The Certification Body will then review the responses and determine whether you've met the standard.
If you have met the standard then you will be awarded Cyber Essentials certification. (Congratulations!).
Using The Cyber Essentials Logo
You've done the hard part, now all you have to do is show off the fact you are Cyber Essentials certified!
You can use the logo on:
- Promotional Material
- Letter Heads
- Email Signatures
So this is how you become Cyber Essentials certified and if you are interested in gaining the Cyber Essentials Plus logo, the process is different and there are a few other things you'd need to know.
To learn more about Cyber Essentials, check out our Ultimate Guide to Cyber Essentials which will tell you everything you need to know about Cyber Essentials for FREE.