What To Look For In A Cyber Essentials Assessment Partner

Earlier this year the National Cyber Security Centre (NCSC) introduced an updated set of requirements for the Cyber Essentials (CE) scheme, representing the most significant revamp of the scheme’s technical controls since its launch in 2014.

The profound changes to the way people work over the past few years has introduced new cyber security challenges for employers. The NSCS update reflects this evolving threat landscape. 
 
Where is your organisation along the road to digital transformation? With many businesses now invested in cloud services and with the widespread adoption of hybrid and remote working practices, the landscape for cyber security is evolving at a fast pace. Does your business ensure that work-critical apps on Bring Your Own Devices (BYOD) are protected? Does your IT estate allow employees to access all their data and files in the cloud seamlessly, in such a way that they can continue to work efficiently and productively anywhere? Reflecting the changes many businesses are now faced with, the remodelled CE schemes now offer organisations up-to-date advice and protection to help deal with the new working world.
 
Choosing An Assessor

The first step in getting your business CE certified is through online assessment. At the most basic level you can download the Cyber Essentials readiness toolkit. Answering questions about your current security posture will help you to create an action plan for your business to meet Cyber Essentials requirements. While this is a good place to start, opting for the more advanced CE+ will ensure your business is fully prepared to face modern cyber security challenges.
 
To gain CE+ accreditation, your business must complete an online assessment, followed by a technical audit to confirm that the necessary Cyber Essentials controls are in place. The audit includes a representative sample of user devices, all internet gateways, and all services that can be accessed by unauthenticated internet users. 
 
There are several benefits of CE+ accreditation. Passing the technical audit shows that your business is serious about combating cyber crime, which is reassuring to current and potential customers alike. But accreditation should also be viewed as an opportunity to fill any gaps in your security defences, to strengthen any weak links, or even identify training opportunities for your employees (often the weakest link in an organisation’s security structure thanks to sophisticated social engineering attacks). 
 
You may already have an assessor in mind to get your business Cyber Essentials certified, but do they thoroughly understand the framework? How much expertise do they have in critical areas such as application, endpoint, and cloud security?

When it comes to CE+ and the associated technical audit, your business is best served by an assessment partner who has the technical background and solutions to remediate any gaps you may have within the updated CE requirements before you take the assessment. 
 
Take, for example, evolving endpoint threats. With many businesses adopting practices such as BYOD and your employees adopting more flexible approaches to working, complete endpoint protection is vital for your organisation. 
 
Can your IT team name all the users within your organisation that need access to data in the cloud, and can they spot any unusual activity in real time? So-called shadow IT has grown exponentially in recent years with the adoption of cloud-based applications and services. And with cloud fast becoming the number one choice for businesses when it comes to managing and storing data and apps, have you ensured that your data in the cloud is secure? Your employees should be able to work productively anywhere in the world, with secure access to all the data and apps they need.
 
Collaborative working requires collaborative solutions that enable all stakeholders to securely share and access all the files and data they need. Who needs visibility of documents within your business? Who has visibility of these documents? Knowing the answers to these questions is crucial if your organisation is serious about keeping sensitive or private information secure. And if your business is subject to industry-specific regulations, your security strategy must include safeguards to keep you compliant. 
 
Whatever point your organisation is at in its digital transformation journey, you are probably already using cloud services and grappling with novel cyber security challenges brought about by hybrid and remote working practices. 
 
The Cyber Essentials schemes have been updated to help your business deal with these modern demands. Take this opportunity to choose a partner who can provide a robust technical audit, has the expertise to deliver technical solutions that are right for your business, and can ensure you ace the Cyber Essentials assessment. 
 
Steve Whiter is Director of Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

 

« Cyber Security In Fintech
Ransomware Is Driving Cyber Security Professionals To Consider Quitting »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Investing Summit

Cyber Investing Summit

Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry.

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

ForAllSecure

ForAllSecure

ForAllSecure’s mission is to make the world’s software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

AwareGO

AwareGO

AwareGO is a global provider of security awareness training content and solutions that help enterprises improve cybersecurity awareness in the workplace.

Ascent Cyber

Ascent Cyber

Ascent Cyber provide simple and stress-free solutions to protect your business and its customers from the worries and costs of cybercrime.

Bowhead Cybersecurity Solutions and Services (BCSS)

Bowhead Cybersecurity Solutions and Services (BCSS)

Bowhead Cybersecurity Solutions and Services provides high-end technical and professional services with an emphasis on providing Cyber Solutions.

Searchlight Security

Searchlight Security

Searchlight Security is a leading darknet intelligence company. Working with law enforcement, industry, and end users to help protect society against the threats of the darknet.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.