Cyber Essentials

Cyber Security with Apex Computing 

The Cyber Essentials scheme has been developed by the Government and industry to fulfil two functions:

 

  • It provides clear guidance regarding the basic controls all organisations should implement to mitigate the risks from common internet-based threats.
  • Through the Assurance Framework, it also offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that the company has taken essential precautions.

 

Cyber Essentials offers a sound foundation of basic IT hygiene measures that all types of organisations can implement and potentially build upon. The government believes that implementing these measures can significantly reduce an organisation’s cyber vulnerability. Please bear in mind that it is not a silver bullet that removes all cyber security risk; for example, it is not designed to address more advanced, targeted attacks, so organisations facing these threats will need to implement additional measures as part of their security strategy. What Cyber Essentials does do is define a focused set of controls which will provide cost-effective, basic cyber security for organisations of all sizes.


Why is this relevant and when did it all start? 

Back in 2012, the UK Government launched its ‘10 Steps to Cyber Security’ and subsequently the ‘Small Businesses: What you need to know about Cyber Security’ guidance manual to encourage organisations to consider how well they were managing their cyber risks. The Government emphasised the need for company Boards and senior executives to take ownership of these risks and ensure that they have considered them adequately in their risk management regime. The initiatives gained traction and industry was very receptive to the government’s cyber security advice and guidance.

 

After the success of these initiatives, industry wanted a way to evidence its dedication to cyber security, and thus the Cyber Essentials accreditation was born.

 

The government has since worked with industry to develop new requirements. This is the Cyber Essentials scheme, which focuses on basic cyber hygiene.

 

The scope of the Cyber Essentials scheme covers the basics of cyber security in a small business or corporate IT system. Implementation of these controls can significantly reduce the risk of prevalent but unskilled cyber-attacks. For many organisations, especially those with significant information assets or those that are exposed to a wider range of threats, Cyber Essentials will be a practical component of wider ranging cyber security procedures.


Our Packages

  • Cyber Essentials

  • From £799+VAT

This is completed internally with Apex Computing’s help, in the form of a self-answer questionnaire which is then accredited externally.

We help get your organisation ready for the accreditation. This may include making changes to your systems and processes to bring them in line with the accreditation's requirements. The price includes your assessment fee and up to 1 day of onsite support, during which a Security Audit will be completed.

Any larger compliance requirements would be quoted for separately and may incur additional costs.

  • Cyber Essentials Plus

  • From £2500+VAT

Your organisation will be audited externally by an accredited agency, Xyone.

We prepare your systems for Cyber Essentials Plus, firstly by completing an onsite Security Audit. As part of this, any minor changes that are required to make your company compliant will be completed within the fixed cost.

We would also have an engineer onsite to assist on the day that the examiners visit to carry out the audit.

Any larger compliance requirements would be quoted for separately and may incur additional costs.

  • Managed Security Service

  • From £250+VAT / Per Month

This is where you pay a monthly fee to Apex Computing for a managed security service, which includes:

  • A business grade SonicWall Firewall with advanced features including reporting and user web usage monitoring.
  • A yearly Security Audit.
  • Yearly renewal of Cyber Essentials.
  • Monthly external vulnerability scanning.
  • Quarterly review meetings where recommendations are made to improve your organisation's security.

Cyber Essentials concentrates on five key controls: 

The five controls, and the Cyber Essentials requirements for each, are:

Patch Management: Cyber criminals often exploit known vulnerabilities in software, operating systems and third-party applications if they are not properly patched or updated. Regardless of which phones, tablets, laptops or computers your company uses, it’s important that they are kept up to date at all times to prevent this from happening.

 

Cyber Essentials Requirements:

Software must be:

  • Kept up to date, licensed and supported.
  • Removed from devices when no longer supported.
  • Patched within 14 days of an update being released, where the patch fixes a vulnerability that the supplier or vendor describes as ‘critical’ or ‘high risk’.

Malware Protection: From opening an infected email and browsing a malicious website to using a memory stick containing malware or viruses, there are many ways that this harmful software can gain access to, and cause damage to, sensitive data. Businesses should put practices in place that restrict malware access.

 

Cyber Essentials Requirements:

Your company should put at least one of these preventative measures in place:

 

  • Anti-malware software: kept up to date, with signature files updated daily; configured to scan files automatically upon access and website pages automatically when they are accessed through a web browser; must prevent connections to malicious websites on the internet.
  • Whitelisting: This is where a business keeps a current list of approved device applications, preventing users from installing and running those that may contain malware. Any application not on the list is blocked from running, which makes this an especially strong form of protection.
  • Application Sandboxing: This is where an application runs in an isolated environment, restricting access to the rest of your devices and networks. This keeps your files and other applications beyond the reach of malware wherever possible.

Secure Configuration: This ensures that computers and network devices are configured to prevent vulnerabilities, cyber risks and data breaches.

 

Cyber Essentials Requirements:

For computers and networks, the business must regularly:

  • Remove and disable any unnecessary accounts and software.
  • Change any default or obvious passwords.
  • Disable any auto-run features that allow file execution without user authorisation.
  • Authenticate users before allowing Internet-based access to sensitive data.

 

Password-based authentication requirements:

  • Limit the number of attempts, or guesses, allowed within a time period.
  • Set a minimum password length of at least 8 characters, and do not set a maximum password length.
  • Change passwords immediately when the user knows or suspects that someone is trying to hack into their account.
  • Put a password policy in place that instructs users on best practices.

Access Control: To reduce damage done if an account is misused or stolen, team member accounts should be assigned to authorised individuals only, and they should only be given access to the applications, computers and network needed to do their job.

 

Cyber Essentials Requirements:

The business should:

  • Authenticate users before granting them access to applications, devices, software and programmes.
  • Remove or disable accounts when they are no longer required.
  • Implement two-factor authentication.
  • Use administrative accounts to perform administrative activities only.
  • Remove or disable special access privileges when they are no longer required.

Boundary Firewalls and Internet Gateways: You should protect your internet connection with a firewall that analyses incoming traffic to discover whether it should or shouldn’t be allowed onto your network. This prevents unauthorised access to or from your private networks. Every device that connects to the internet must therefore be secured with a firewall, or equivalent network device.

 

Cyber Essentials Requirements:

The business should:

  • Change any default administrative password to an alternative using best practices.
  • Prevent access to the administrative interface from the internet, unless the interface is protected with superior controls.
  • Block unauthenticated inbound connections by default.
  • Ensure that inbound firewall rules are approved and documented by an authorised team member.
  • Remove or disable permissive firewall rules quickly when they are no longer needed.
  • Use a host-based firewall on devices that are used on untrusted networks, such as public Wi-Fi hotspots.

 

 

Put these measures in place and you’re well on the way to becoming certified. We can help you with everything from scoping and filling in the questionnaire, to conducting our own security audit, which thoroughly reviews your business systems and processes, ensuring that they meet the Cyber Essentials requirements. We’ll then make recommendations to help improve network and security measures for the ultimate level of protection.


Why Is Cyber Essentials Necessary?


These are just a handful of the reasons why we believe Cyber Essentials is necessary for businesses of all shapes and sizes, regardless of sector or industry:

 

What’s Included in Cyber Essentials?

Cyber Essentials is a self-certified process, involving a 40-question questionnaire. Each question requires a ‘Yes’ or ‘No’ response, with justification for proof. We are more than happy to help with the process, whether that’s determining the scope, checking that your IT systems are secure and that all five controls are implemented correctly, or submitting the questionnaire for review by Xyone and APMG.

 

What Should I Expect On The Cyber Essentials Questionnaire?

 

Examples of questions that appear on the questionnaire include:

 

  • Are there firewalls in place which protect all your devices?
  • Are unauthenticated inbound connections blocked by default?
  • Are external users authenticated before they are given Internet-based access to commercially or personally sensitive data, or data which is critical to the running of the organisation?
  • Has two-factor authentication been implemented, where available?
  • Is all software installed on computers and network devices in the scope licensed and supported?
  • Are passwords changed when it is suspected they are compromised?
  • Does the software scan files automatically upon access?

 

 

If while filling out the questionnaire you require some assistance, please don’t hesitate to pick up the phone and give us a call on 0161 233 0099.


What’s Included in Cyber Essentials Plus?


With Cyber Essentials Plus, the protective measures you need to have in place are still the same, but your cyber security is tested and confirmed by a certification body. We trust Xyone with all of our clients. Xyone confirms the scope for Plus, and then:

 

  • Conducts an external vulnerability scan.
  • Carries out an onsite vulnerability scan.
  • Handles manual computer and mobile checks.
  • Verifies that the 5 key controls are in place.

 

 

If there are any nonconformities, we can help you fix them. A Xyone assessor will then reassess your security practices, and should they all be up to scratch, you will receive your Cyber Essentials Plus certificate.

 

As with Cyber Essentials, we are happy to help with everything from the scope to providing you with guidance on best practices for the assessor. For example:

 

  • Creating an admin account for vulnerability scanning.
  • Providing an asset inventory of all devices.
  • Providing the IP addresses in scope for the test.
  • Being available to help the assessor with any troubleshooting.
  • Setting aside time for a discovery meeting.

 

Then, dependent on the results of the meeting, we can help you put remediation in place that aligns with requirements, and help you prepare for reassessment.

What Are The Benefits Of Cyber Essentials?

Cyber Essentials offers many advantages to certified businesses, including:

 

  • From secure configuration and malware protection to boundary firewalls, access control and patch management, Cyber Essentials focuses on five important security controls that, according to the government, could prevent up to “80% of cyber attacks.”

 

  • Having Cyber Essentials can also reduce insurance premiums. A 2015 government report, ‘UK cyber security: the role of insurance in managing and mitigating the risk’, found that most insurers believe that “Cyber Essentials would provide a valuable signal of reduced risk when underwriting cyber insurance for SMEs, allowing them to use a reduced question set and informing their decisions to underwrite”, and that “participating insurers operating in the SME insurance sector have agreed to build reference to the Cyber Essentials standard into their cyber insurance applications, and will look to simplify the application where accreditation has been achieved by the applicant”.

 

  • It demonstrates your belief in, and commitment to, security, protecting the data of your customers, clients, suppliers and the business itself. In turn, this increases the chances of winning new business, as having the certification provides market differentiation, will enhance your reputation, and instill trust in the minds of potential clients.

 

  • Cyber Essentials is recognised by the Information Commissioner’s Office as the standard underpinning the data protection and network security aspects of GDPR compliance, and can therefore help to meet the requirements of the regulation.
  • With security taken care of, you can focus more on the functions that matter the most, driving business efficiencies, productivity and growth.

 

 

Along with being a cost-effective solution to your security needs, it helps to mitigate common threats to businesses, protecting company assets and IP.

 

Talk to us today about securing your business, and those of your clients.


How To Get Certified?

Our dedicated support team will help guide you through the process. Contact our support team today for more information and to book a free consultation.

Why You Should Choose Apex As Your Cyber Essentials Partner

  • Because network, server and equipment safety is such a huge part of our services, we truly understand the importance of putting protective measures in place to safeguard our clients and their businesses.
  • We are a trusted Cyber Essentials accredited partner, highlighting our expertise, as well as our dedication to our clients and the industry.
  • Should an unexpected issue arise, our team of technical specialists are available 24/7 to help resolve it efficiently and effectively.
  • We don’t just leave you to it. We can provide you with as much guidance and support as you need to ensure you pass Cyber Essentials with flying colours.

 

 

Ready to pass the test? Please get in touch with us today to learn more about Cyber Essentials and how it’ll make a difference to your business, clients and employees.
