What To Look For In A Cyber Essentials Assessment Partner

Earlier this year the National Cyber Security Centre (NCSC) introduced an updated set of requirements for the Cyber Essentials (CE) scheme, representing the most significant revamp of the scheme’s technical controls since its launch in 2014.

The profound changes to the way people work over the past few years has introduced new cyber security challenges for employers. The NSCS update reflects this evolving threat landscape. 
 
Where is your organisation along the road to digital transformation? With many businesses now invested in cloud services and with the widespread adoption of hybrid and remote working practices, the landscape for cyber security is evolving at a fast pace. Does your business ensure that work-critical apps on Bring Your Own Devices (BYOD) are protected? Does your IT estate allow employees to access all their data and files in the cloud seamlessly, in such a way that they can continue to work efficiently and productively anywhere? Reflecting the changes many businesses are now faced with, the remodelled CE schemes now offer organisations up-to-date advice and protection to help deal with the new working world.
 
Choosing An Assessor

The first step in getting your business CE certified is through online assessment. At the most basic level you can download the Cyber Essentials readiness toolkit. Answering questions about your current security posture will help you to create an action plan for your business to meet Cyber Essentials requirements. While this is a good place to start, opting for the more advanced CE+ will ensure your business is fully prepared to face modern cyber security challenges.
 
To gain CE+ accreditation, your business must complete an online assessment, followed by a technical audit to confirm that the necessary Cyber Essentials controls are in place. The audit includes a representative sample of user devices, all internet gateways, and all services that can be accessed by unauthenticated internet users. 
 
There are several benefits of CE+ accreditation. Passing the technical audit shows that your business is serious about combating cyber crime, which is reassuring to current and potential customers alike. But accreditation should also be viewed as an opportunity to fill any gaps in your security defences, to strengthen any weak links, or even identify training opportunities for your employees (often the weakest link in an organisation’s security structure thanks to sophisticated social engineering attacks). 
 
You may already have an assessor in mind to get your business Cyber Essentials certified, but do they thoroughly understand the framework? How much expertise do they have in critical areas such as application, endpoint, and cloud security?

When it comes to CE+ and the associated technical audit, your business is best served by an assessment partner who has the technical background and solutions to remediate any gaps you may have within the updated CE requirements before you take the assessment. 
 
Take, for example, evolving endpoint threats. With many businesses adopting practices such as BYOD and your employees adopting more flexible approaches to working, complete endpoint protection is vital for your organisation. 
 
Can your IT team name all the users within your organisation that need access to data in the cloud, and can they spot any unusual activity in real time? So-called shadow IT has grown exponentially in recent years with the adoption of cloud-based applications and services. And with cloud fast becoming the number one choice for businesses when it comes to managing and storing data and apps, have you ensured that your data in the cloud is secure? Your employees should be able to work productively anywhere in the world, with secure access to all the data and apps they need.
 
Collaborative working requires collaborative solutions that enable all stakeholders to securely share and access all the files and data they need. Who needs visibility of documents within your business? Who has visibility of these documents? Knowing the answers to these questions is crucial if your organisation is serious about keeping sensitive or private information secure. And if your business is subject to industry-specific regulations, your security strategy must include safeguards to keep you compliant. 
 
Whatever point your organisation is at in its digital transformation journey, you are probably already using cloud services and grappling with novel cyber security challenges brought about by hybrid and remote working practices. 
 
The Cyber Essentials schemes have been updated to help your business deal with these modern demands. Take this opportunity to choose a partner who can provide a robust technical audit, has the expertise to deliver technical solutions that are right for your business, and can ensure you ace the Cyber Essentials assessment. 
 
Steve Whiter is Director of Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

 

« Cyber Security In Fintech
Ransomware Is Driving Cyber Security Professionals To Consider Quitting »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Eden Legal

Eden Legal

Eden Legal provides legal services on commercial and regulatory issues affecting digital businesses.

Mako Group

Mako Group

The Mako Group specializes in protection - providing security through auditing, testing, and assessments. And, we do it all with the highest quality standards possible.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

R2S Technologies

R2S Technologies

R2S can help you implement a cyber security framework to ensure your business is more resilient towards the growing threat of cyber crime. We provide Web and Mobile Application Security Assessment..

Center for Applied Cybersecurity Research (CACR) - University of Indiana

Center for Applied Cybersecurity Research (CACR) - University of Indiana

CACR serves Indiana and the nation by tackling cyber risk in research and other unusual environments through agile, holistic, principle-based cybersecurity.

Cervello

Cervello

Cervello is a leading provider of comprehensive and proven solutions to protect railways against cyber attacks.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

6clicks

6clicks

6clicks is an easy way to implement your risk and compliance program or achieve compliance with ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, FedRAMP and many other standards.

Rhodian Group

Rhodian Group

Rhodian Group (formerly Adar) specialize in providing Technology, Cybersecurity, and Compliance services to the insurance industry.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

RIoT Secure

RIoT Secure

RIoT Secure AB is a technology enabler within the IoT industry - created with a vision to ensure security technology exists in the foundations of software development for IoT solutions.

X-PHY

X-PHY

X-PHY is a pioneering cybersecurity company dedicated to hardware-based cybersecurity solutions that protect data at its core.