What To Look For In A Cyber Essentials Assessment Partner

Uploaded on 2022-07-18 in TECHNOLOGY--Resilience, FREE TO VIEW

Earlier this year the National Cyber Security Centre (NCSC) introduced an updated set of requirements for the Cyber Essentials (CE) scheme, representing the most significant revamp of the scheme’s technical controls since its launch in 2014.

The profound changes to the way people work over the past few years has introduced new cyber security challenges for employers. The NSCS update reflects this evolving threat landscape. 
 
Where is your organisation along the road to digital transformation? With many businesses now invested in cloud services and with the widespread adoption of hybrid and remote working practices, the landscape for cyber security is evolving at a fast pace. Does your business ensure that work-critical apps on Bring Your Own Devices (BYOD) are protected? Does your IT estate allow employees to access all their data and files in the cloud seamlessly, in such a way that they can continue to work efficiently and productively anywhere? Reflecting the changes many businesses are now faced with, the remodelled CE schemes now offer organisations up-to-date advice and protection to help deal with the new working world.
 
Choosing An Assessor

The first step in getting your business CE certified is through online assessment. At the most basic level you can download the Cyber Essentials readiness toolkit. Answering questions about your current security posture will help you to create an action plan for your business to meet Cyber Essentials requirements. While this is a good place to start, opting for the more advanced CE+ will ensure your business is fully prepared to face modern cyber security challenges.
 
To gain CE+ accreditation, your business must complete an online assessment, followed by a technical audit to confirm that the necessary Cyber Essentials controls are in place. The audit includes a representative sample of user devices, all internet gateways, and all services that can be accessed by unauthenticated internet users. 
 
There are several benefits of CE+ accreditation. Passing the technical audit shows that your business is serious about combating cyber crime, which is reassuring to current and potential customers alike. But accreditation should also be viewed as an opportunity to fill any gaps in your security defences, to strengthen any weak links, or even identify training opportunities for your employees (often the weakest link in an organisation’s security structure thanks to sophisticated social engineering attacks). 
 
You may already have an assessor in mind to get your business Cyber Essentials certified, but do they thoroughly understand the framework? How much expertise do they have in critical areas such as application, endpoint, and cloud security?

When it comes to CE+ and the associated technical audit, your business is best served by an assessment partner who has the technical background and solutions to remediate any gaps you may have within the updated CE requirements before you take the assessment. 
 
Take, for example, evolving endpoint threats. With many businesses adopting practices such as BYOD and your employees adopting more flexible approaches to working, complete endpoint protection is vital for your organisation. 
 
Can your IT team name all the users within your organisation that need access to data in the cloud, and can they spot any unusual activity in real time? So-called shadow IT has grown exponentially in recent years with the adoption of cloud-based applications and services. And with cloud fast becoming the number one choice for businesses when it comes to managing and storing data and apps, have you ensured that your data in the cloud is secure? Your employees should be able to work productively anywhere in the world, with secure access to all the data and apps they need.
 
Collaborative working requires collaborative solutions that enable all stakeholders to securely share and access all the files and data they need. Who needs visibility of documents within your business? Who has visibility of these documents? Knowing the answers to these questions is crucial if your organisation is serious about keeping sensitive or private information secure. And if your business is subject to industry-specific regulations, your security strategy must include safeguards to keep you compliant. 
 
Whatever point your organisation is at in its digital transformation journey, you are probably already using cloud services and grappling with novel cyber security challenges brought about by hybrid and remote working practices. 
 
The Cyber Essentials schemes have been updated to help your business deal with these modern demands. Take this opportunity to choose a partner who can provide a robust technical audit, has the expertise to deliver technical solutions that are right for your business, and can ensure you ace the Cyber Essentials assessment. 
 
Steve Whiter is Director of Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

 

« Cyber Security In Fintech
Ransomware Is Driving Cyber Security Professionals To Consider Quitting »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

Guardea Cyberdefense

Guardea Cyberdefense

Guardea Cyberdefense is an IT services company specializing in the management of security projects, with a pool of skills selected from a network of specialized partners.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Six Degrees

Six Degrees

Six Degrees is a leading secure, integrated cloud services provider. We protect UK organisations and help them thrive in the cloud by giving them secure platforms to innovate and grow.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Westminster Insight - Cyber Security Conference

Westminster Insight - Cyber Security Conference

Join colleagues this December for Westminster Insight’s Cyber Security Conference, as you’ll assess how new technologies such as AI can secure your organisation against future threats.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Darkbeam

Darkbeam

Darkbeam provides a unified solution to protect against security, brand and compliance risks across your digital infrastructure.

Trianz

Trianz

Trianz Cybersecurity Services are Powered by One of the World’s Largest Databases on Digital Transformation. We Understand Evolving Risks, Technologies and Best Practices.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

ColCERT

ColCERT

ColCERT is the national cybersecurity emergency response team of Colombia.