I know how confusing it can be when you've got a great relationship with your suppliers and then out of the blue, you're being told you need to get something you've never heard of before.
You're sat there saying things like...
"Cyber Essentials? What is that? I've never heard of that before!"
However, there is s a reason why your suppliers are asking for this, they wouldn't be saying it if they didn't truly believe it's a crucial requirement for your relationship.
Anyway, let's first get our heads around what Cyber Essentials is...
What is Cyber Essentials?
Cyber Essentials is a cyber security certification designed to protect your organisation against common cyber threats. It is the only UK government-backed cyber security certification.
Cyber Essentials requires you to implement five technical controls to be able to reduce the risk of breach by 80%. You can read more about what Cyber Essentials is by clicking here.
Another key point is that Cyber Essentials is that there is two different types of certifications available, Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is a basic certification, it is a self-certification that anyone can do very easily and because of this, it's not valued as highly as Cyber Essentials Plus.
Cyber Essentials Plus requires an external certifying body to assess your infrastructure and this is ideally what your suppliers hope you will opt for. Cyber Essentials Plus shows you're taking data protection seriously.
There are many benefits of Cyber Essentials Plus which you can read all about here.
So why do my suppliers want us to get certified for Cyber Essentials Plus?
Your suppliers want to make sure their supply chain is safe.
They know if any business they work with isn't taking the necessary precautions with cyber security, they could have a third party backdoor breach in their organisation.
Obviously, they don't want this to happen so they're asking all of their clients to get certified and this works for everyone because now everyone in the supply chain has significantly reduced the risk of breach.
It's also important to remember that with Cyber Essentials Plus certification, you're avoiding fines of up to 4% of your global turnover because you can prove to the Information Commissioner's Officer that you've done everything in your power to protect client data.
As much as you're protecting your supplier, you're just as much protecting your business.
Did you know if you were breached you'd have to notify your clients about the breach within 72 hours?
It's not a surprise that many businesses struggle to recover from that, your reputation would take a huge hit.
The worst part?
It was very, very avoidable to begin with.
So here's what you should do:
First things first, educate yourself on Cyber Essentials. There's so much you'd want to delve into such as how to get free cyber insurance with Cyber Essentials or how to attain Government contracts.
You can find out everything you'd ever need on Cyber Essentials in the Ultimate Guide to Cyber Essentials.
Once you're aware and educated on Cyber Essentials, you can pursue certification but you'll need to do this with a Certification Body such as Cyber Tec Security.
Want to find out how to protect your supply chain with Cyber Essentials?