Does it seem like every organisation has these logos on their website?
I know what you're thinking.
What do the logos mean? How do I even get them?!
Well let me just say now, please don't think that downloading the image from Google and uploading it to your website will suffice. You'd end up in A LOT of trouble (but I'll explain it all very soon).
Understandably, you're not even sure if these logos have any significance to your organisation.
I mean just because they're everywhere, it doesn't mean they're valuable, right?
Well, you'll quickly realise, this little Cyber Essentials logo could be the difference between elevating and losing your organisation.
I know you're thinking that is a pretty dramatic statement but for many organisation's, it's an incredibly thin line.
Anyway, I'm getting ahead of myself!
It's easy to get lost in the world of Cyber Essentials, so let's start with the fundamentals of Cyber Essentials.
What is Cyber Essentials?
In essence, the UK Government are trying to help your organisation become more safe and secure. The Government want to see less breaches, less attacks and ultimately, less private data becoming public.
This is why the Government created the '10 Steps to Cyber Security' scheme (which you can see below) and this scheme formed the foundation of the Cyber Essentials scheme.
Cyber Essentials implements 5 technical controls to help your organisation reduce the cyber threat by 80%.
Yes, you are reading that correctly and it isn't a typo.
Cyber Essentials will guarantee your organisation a reduction of 80% from the cyber threat and so you're probably wondering, what are these 5 technical controls and what do they do?
- Firewalls and Internet Gateways - Cyber Essentials certification requires that you configure and use a firewall to protect all your devices, particularly those that connect to public or other suspicious and unreliable Wi-Fi networks.
- Secure Configuration - Cyber Essentials certification requires your organisation to only use software, accounts and apps that are frequently used. The key here is that they need to be a necessity to your organisation.
- Access Control - Cyber Essentials certification requires that you control access to your data through user accounts. Also, administration privileges are only given to those that need and furthermore, the use of the data with those accounts is controlled.
- Malware Protection - Cyber Essentials certification requires that you do at least one of following to defend against malware:
- Install anti-malware software
5. Patch Management - Cyber Essentials certification requires that you keep your devices, software and apps up to date.
There are two types of Cyber Essentials certifications - Cyber Essentials and Cyber Essentials Plus. It's important to know the difference between both certifications and which certification fits best for your organisation.
An 80% reduction is a huge benefit of Cyber Essentials but you're probably wondering why else so many organisations have decided to buy Cyber Essentials.
Why become Cyber Essentials certified?
As you know, Cyber criminals want your data. The skill level of a cyber criminal can vary but when it comes to SMEs (Small and Medium Enterprises), even the most basic cyber criminal can hack into your systems IF you don't have the correct measures in place.
The guys over at Business Matters Magazine have done a great job conveying the importance of cyber security to SMEs and it is definitely worth checking out (after you read this article, there's still plenty of value for you here!)
With the 5 controls I've mentioned above being fully implemented into your organisation, you'll have prevented a large number of competent cyber criminals gaining access to your data as well as reducing the overall threat by 80%.
What can Cyber Essentials do for your organisation?
So why else would someone want these logos on their website? To understand this on a deeper level, we need to dive into the benefits of Cyber Essentials which can bring value to your organisation in different ways.
I've already mentioned the 80% reduction in cyber threat but another major benefit of Cyber Essentials is enhancing your reputation.
Customers and clients will come onto your website and see the logo and know their data is in safe hands. Believe me, they will have more respect for you because you showed respect to their data.
Cyber Essentials can also help you land those Government contracts that you've always hoped for.
For most organisations, this is a big aim and dream, but you legally need to be Cyber Essentials certified, as it is a requirement to be able to bid for and land a Government contract.
To further understand the benefits, feel free to check out '10 surprising benefits of Cyber Essentials'.
The Cyber Essentials Process
Now that you understand what the logos mean, let's talk about how you can go about getting those logos onto your own organisation's website.
Getting the Cyber Essentials logos on your website is a four step process:
- Choose a certification body
- Meet the Cyber Essentials standard
- Pass Cyber Essentials
- Add Cyber Essentials Logo to your website
Choosing a certification body
To be able to choose a certification body, you need to be able to choose an accreditation body.
I know what you're thinking.
Even more technical terms?!
No need to worry, let's define both terms.
Certifying bodies have the power to assess and certify organisations for Cyber Essentials.
Certifying Bodies are 'policed' by Accreditation bodies.
Every certifying body is aligned with one of the five accreditation bodies (IASME, CREST, IRM, APMG and QG) and each accreditation body has their own way of implementing Cyber Essentials and they specialise in different things.
For instance, Cyber Tec Security are a certifying body as we can make an organisation Cyber Essentials certified and we're aligned with the IASME accreditation body.
However, there are certifying bodies who work with the other four accrediting bodies. For instance, Company X work with CREST to deliver Cyber Essentials for their clients.
It's really important that you understand which accreditation body is an ideal fit for your business, as then you'll know which certification body to choose.
For example, IAMSE specialise in SMEs and so if you're a small business, you'd ideally choose a certification body who align with IASME.
My advice? Ask yourself what you want and do your research!
Meeting the Cyber Essentials standard
To be able to meet the Cyber Essentials standard, your IT infrastructure needs to meet the requirements to be able to begin the technical process. You can view the requirements for IT infrastructure here.
Passing Cyber Essentials
With the guidance of your certification body, you will be able to tick off every aspect of each technical control. I'm being quite literal too, there is a self-assessment questionnaire which you'll need to tick off as you go along.
The certification body will then review the responses and determine whether you've met the standard.
If you have met the standard then you will be awarded Cyber Essentials certification. (Congratulations!).
Using The Cyber Essentials Logo
You've done the hard part, now all you have to do is show off the fact you are Cyber Essentials certified!
You can use the logo on:
- Promotional Material
- Letter Heads
- Email Signatures
So this is how you become Cyber Essentials certified and if you are interested in gaining the Cyber Essentials Plus logo, the process is different and there is a lot you'd need to know.
To learn more about Cyber Essentials, check out our Ultimate Guide to Cyber Essentials which will tell you everything you need to know about Cyber Essentials for FREE.