Cyber Essentials

Cyber Security with Apex Computing

The Cyber Essentials scheme has been developed by the Government and industry to fulfil two functions:

It provides clear guidance regarding the basic controls all organisations should implement to mitigate the risks from common internet-based threats.
Through the Assurance Framework it also offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that the company has taken essential precautions.

Cyber Essentials offers a sound foundation of basic IT hygiene measures that all types of organisations can implement and potentially build upon. The government believes that implementing these measures can significantly reduce an organisation’s cyber vulnerability. Please bear in mind, it does not offer a silver shield to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy. What Cyber Essentials does do is define a focused set of controls which will provide cost-effective, basic cyber security for organisations of all sizes.

Why is this relevant and when did it all start?

Back in 2012, the UK Government launched its ‘10 Steps to Cyber Security’ and subsequently the ‘Small Businesses: What you need to know about Cyber Security’ guidance manual to encourage organisations to consider how well they were managing their cyber risks. The Government emphasised the need for company Boards and senior executives to take ownership of these risks and ensure that they have considered them adequately in their risk management regime. The initiatives gained traction and industry was very receptive to the government’s cyber security advice and guidance.

After the success of these initiatives, industry wanted evidence for their dedication to cyber security and thus the Cyber Essentials accreditation was born.

The government has since worked with industry to develop new requirements. This is the Cyber Essentials scheme, which focuses on basic cyber hygiene.

The scope of the Cyber Essentials scheme covers the basics of cyber security in a small business or corporate IT system. Implementation of these controls can significantly reduce the risk of prevalent but unskilled cyber-attacks. For many organisations, especially those with significant information assets or those that are exposed to a wider range of threats, Cyber Essentials will be a practical component of wider ranging cyber security procedures.

Our Packages

Cyber Essentials
^{From £}799+VAT

This is completed internally with Apex Computing’s help, in the form of a self-answer questionnaire which is then accredited externally.

We help get your organisation ready for the accreditation. This may include making changes to your systems and processes to bring them in line with compliance for the accreditation. This includes the cost of your assessment fee and up to 1 day onsite support where a Security Audit will be completed.

Any larger compliance requirements would be quoted for separately and may incur additional costs.

Cyber Essentials Plus
^{From £}2500+VAT

Your organisation will be audited externally by an accredited agency, Xyone.

We prepare your systems for Cyber Essentials Plus, firstly, by completing an onsite Security Audit. As part of this, any minor changes that are required to make your company compliant will be completed in the fixed cost.

We would also have an engineer onsite to assist on the day that the examiners visit to carry out the audit.

Any larger compliance requirements would be quoted for separately and may incur additional costs.

Managed Security Service
^{From £}250+VAT / Per Month

This is where you pay a monthly fee to Apex Computing for a managed security service, which includes:

A business grade SonicWall Firewall with advanced features including reporting and user web usage monitoring.
A yearly Security Audit.
Yearly renewal of Cyber Essentials.
Monthly external vulnerability scanning.
Quarterly review meetings where recommendations are made to improve your organisation security.

Why choose us?

Cyber Essentials concentrates on five key controls:

There are 5 important controls that Cyber Essentials addresses. These include:

Patch Management: Cyber criminals often exploit known vulnerabilities in software, operating systems and third-party applications if they are not properly patched or updated. Regardless of which phones, tablets, laptops or computers your company uses, it’s important that they are kept up to date at all times to prevent this from happening.

Cyber Essential Requirements:

Software must be:

Kept up to date, licensed and supported.
Removed from devices when no longer supported.
Patched within 14 days of an update being released, where the patch fixes a vulnerability that the supplier or vendor describes as ‘critical’ or ‘high risk’.

Malware Protection: From opening an infected email and browsing a malicious website to using a memory stick containing malware or viruses, there are many ways that this harmful software can gain access to, and cause damage to, sensitive data. Businesses should put practices in place that restrict malware access.

Cyber Essentials Requirements:

Your company should put at least one of these preventative measures in place:

Anti-malware software: kept up to date, with signature files updated daily; configured to scan files automatically upon access and website pages automatically when they are accessed through a web browser; must prevent connections to malicious websites on the internet.
Whitelisting: This is where a business keeps a current list of approved device applications, preventing users from installing and running those that may contain malware. Any applications not on the list will be blocked from running, and is an especially strong form of protection.
Application Sandboxing: This is where an application runs in an isolated environment, restricting access to the rest of your devices and networks. This keeps your files and other applications beyond the reach of malware wherever possible.

Secure Configuration: This ensures that computers and network devices are configured to prevent vulnerabilities, cyber risks and data breaches.

Cyber Essentials Requirements:

For computers and networks, the business must regularly:

Remove and disable any unnecessary accounts and software.
Change any default or obvious passwords.
Disable any auto-run features that allow file execution without user authorisation.
Authenticate users before allowing Internet-based access to sensitive data.

Password-based authentication requirements:

Create limit attempts or the number of guesses allowed within a time period.
Set a minimum password length of at least 8 characters but not set a maximum password length.
Change passwords immediately when the user knows or suspects that someone is trying to hack into their account.
Putting a password policy in place that instructs on best practices.

Access Control: To reduce damage done if an account is misused or stolen, team member accounts should be assigned to authorised individuals only, and they should only be given access to the applications, computers and network needed to do their job.

Cyber Essentials Requirements:

The business should:

Authenticate users before granting them access to applications, devices, software and programmes.
Remove or disable accounts when they are no longer required.
Implement two-factor authentication.
Use administrative accounts to perform administrative activities only.
Remove or disable special access privileges when they are no longer required.

Boundary Firewalls and Internet Gateways: You should protect your internet connection with a firewall that analyses incoming traffic to discover whether it should or shouldn’t be allowed onto your network. This prevents unauthorised access to or from your private networks. Every device that connects to the internet must therefore be secured with a firewall, or equivalent network device.

Cyber Essentials Requirements:

The business should:

Change any default administrative password to an alternative using best practices.
Prevent access to the administrative interface from the internet, unless the interface is protected with superior controls.
Block unauthenticated inbound connections by default.
Ensure that inbound firewalls rules are approved and documented by an authorised team member.
Remove or disable permissive firewall rules quickly when they are no longer needed.
Use a host-based firewall on devices that are used on untrusted networks, such as public Wi-Fi hotspots.

Put these measures in place and you’re well on the way to becoming certified. We can help you with everything from scoping and filling in the questionnaire, to conducting our own security audit, which thoroughly reviews your business systems and processes, ensuring that they meet the Cyber Essentials requirements. We’ll then make recommendations to help improve network and security measures for the ultimate level of protection.

What our clients say

As with moving to any new supplier there is always a nervous feeling. Business continuity is paramount. All of our inventory is RFID tagged, so if our IT systems stop, so does our production. Our customers are not interested in IT problems, they need large volumes of linen for their daily operations. We needed IT support that understood our business. We made the right choice moving to Apex. Apex are proactive, efficient and show great understanding.
Tarik Saleem, The Linen Group
After consulting other competitors on the market we were blown away by Apex Computing. They understood our needs, offered a personal service and to date have performed exceptionally. I really can't recommend them enough.
David Busby, Around Town Flats
Apex is a fantastic IT support company with great people and client service. We are in regular contact with them and have never had a bad experience. We value their knowledge here at Embryo Digital and they support us with any IT issues we have with incredible care and attention.
Embryo Digital - embryodigital.co.uk
Our company has grown considerably since Apex first started to support us in 2009 and they have been pivotal in making sure our IT infrastructure has been able to support this growth. Our company operates 24/7 and monitors over 25,000 manned guards. Apex has always responded quickly to solve any problems and never failed to answer the phone at any time.
- Steve Foster, Kingdom Services Group -
As soon as we joined Apex, we immediately noticed a sharp increase in the number of IT Support calls we were making; not because of any increase in the number of IT issues we were experiencing, but simply due to the fact that we knew any issues we might have would be fixed promptly and efficiently, and therefore had no inhibitions in calling on Apex for help.
- Matthew Wilkinson Pyranha Kayaks -
We have been using Apex Computing Services for over 5 years for our IT Support. Over the years of working with Director Chris Gorman and the support engineer team they have really gone above and beyond our expectations. I trust Chris and the team to handle any of our IT support issues and find them extremely helpful and they are a joy to work with.
- James Beazley, 6group.com -
We have continued to get excellent service and support from Apex Computing Services. With Manchester Carers being a local independent charity, we rely on an honest, trustworthy and innovative IT support company. We are really happy with the service we have received over the years and we value their IT knowledge and expertise. They take corporate social responsibility really seriously.
- Shirley Devine, Manchester Carers -
As a small business we have tried to concentrate on giving service to our customers rather than spending too much time getting a proper computer system infrastructure to cope with increasing work. As a result we suffered and Apex Computing came to our rescue going beyond expectations by trying to sort our existing problem before offering a full solution. I thoroughly recommend them.
- Paul Rebbitt, Park Hose -

Why Is Cyber Essentials Necessary?

These are just a handful of the reasons why we believe Cyber Essentials is necessary for businesses of all shapes and sizes, regardless of sector or industry:

In 2018, the average global cost of a security breach was £3.5m, which doesn’t even take into account losses of reputation, clients and sales.
43% of all cybercrime is committed against small businesses, with 6 out of 10 of those businesses closing within six months of the attacks.
With highly sophisticated attacks now commonplace – even Deloitte, the world’s largest cybersecurity consultant was attacked in 2017 – businesses should assume that they will be breached at some point, and put measures in place to detect and respond to malware, viruses and other activity before it causes damage and disruption.
With Cyber Essentials, you can bid for UK Government contracts that involve the handling of personal and confidential information, and increase the likelihood of securing business within the private sector.

What’s Included in Cyber Essentials?

Cyber Essentials is self-certified process, involving a 40-question questionnaire. Each question requires a ‘Yes’ or ‘No’ response, with justification for proof. We are more than happy to help with the process, whether that’s determining the scope, checking that your IT systems are secure and that all five controls are implemented correctly or submitting the questionnaire for review by Xyone and APMG.

What Should I Expect On The Cyber Essentials Questionnaire?

Examples of questions that appear on the questionnaire include:

Are there firewalls in place which protect all your devices?
Are unauthenticated inbound connections blocked by default?
Are external users authenticated before they are given Internet-based access to commercially or personally sensitive data, or data which is critical to the running of the organisation?
Has two-factor authentication been implemented, where available?
Is all software installed on computers and network devices in the scope licensed and supported?
Are passwords changed when it is suspected they are compromised?
Does the software scan files automatically upon access?

If while filling out the questionnaire you require some assistance, please don’t hesitate to pick up the phone and give us a call on 0161 233 0099.

What’s Included in Cyber Essentials Plus?

With Cyber Essentials Plus, the protective measures you need to have in place are still the same, but your cyber security is tested and confirmed by a certification body. We trust Xyone with all of our clients, who confirms the scope for Plus, and then:

Conducts an external vulnerability scan.
Carries out an onsite vulnerability scan.
Handles manual computer and mobile checks.
Verifies that the 5 key controls are in place.

If there are any nonconformities, we can help you fix them. A Xyone assessor will then reassess your security practices, and should they all be up to scratch, you will receive your Cyber Essentials Plus certificate.

As with Cyber Essentials, we are happy to help with everything from the scope to providing you with guidance on best practices for the assessor. For example:

Creating an admin account for vulnerability scanning.
Providing an asset inventory of all devices.
Providing the IP addresses in scope for the test.
Being available to help the assessor with any troubleshooting.
Setting aside time for a discovery meeting.

Then, dependent on the results of the meeting, we can help you put remediation in place that aligns with requirements, and help you prepare for reassessment.

What Are The Benefits Of Cyber Essentials?

Cyber Essentials offers many advantages to certified businesses, including:

From secure configuration and malware protection to boundary firewalls, access control and patch management, Cyber Essentials focuses on five important security controls that, according to the government, could prevent up to, ‘’80% of cyber attacks.’’

Having Cyber Essentials can also reduce insurance premiums. A 2015 government report, ‘UK cyber security: the role of insurance in managing and mitigating the risk’, found that most insurers believe that, ‘’Cyber Essentials would provide a valuable signal of reduced risk when underwriting cyber insurance for SMEs, allowing them to use a reduced question set and informing their decisions to underwrite”, and that “participating insurers operating in the SME insurance sector have agreed to build reference to the Cyber Essentials standard into their cyber insurance applications, and will look to simplify the application where accreditation has been achieved by the applicant”

It demonstrates your belief in, and commitment to, security, protecting the data of your customers, clients, suppliers and the business itself. In turn, this increases the chances of winning new business, as having the certification provides market differentiation, will enhance your reputation, and instill trust in the minds of potential clients.

Cyber Essentials is recognised by the Information Commissioner’s Office as the standard underpinning the data protection and network security aspects of GDPR compliance, and therefore, can help to meet the requirements of the directive

With security taken care of, you can focus more on the functions that matter the most, driving business efficiencies, productivity and growth.

Along with being a cost-effective solution to your security needs, it helps to mitigate common threats to businesses, protecting company assets and IP’s.

Talk to us today about securing your business, and those of your clients.

How To Get Certified?

Our dedicated support team will help guide you through the process. Contact our support team today for more information and to book a free consultation.

Why You Should Choose Apex As Your Cyber Essentials Partner

Because network, server and equipment safety is such a huge part of our services, we truly understand the importance of putting protective measures in place to safeguard our clients and their businesses.
We are a trusted Cyber Essentials accredited partner, highlighting our expertise, as well as our dedication to our clients and the industry.
Should an unexpected issue arise, our team of technical specialists are available 24/7 to help resolve the issue in an efficient, yet effective manner.
We don’t just leave you to it. We can provide you with as much guidance and support as you need to ensure you pass Cyber Essentials with flying colours.

Ready to pass the test? Please get in touch with us today to learn more about Cyber Essentials and how it’ll make a difference to your business, clients and employees.