Cyber Essentials is like an MOT test for your car – it confirms that your IT systems have passed a key set of standards. If you can show that your organisation is meeting the security standards in Cyber Essentials, you can be confident that you have some protection against the most common types of cyber attack.
Checking that you meet the standards will involve some work with your IT supplier, but completing the process means you have a better idea of how robust your IT systems are. Here’s a quick overview of the main elements of Cyber Essentials.
Cyber Essentials is important because as organisations are making more and more use of digital technology, they are potentially putting more and more information at risk from cyber attack.
Because your IT systems are a crucial part of keeping your organisation on the road, you need to be sure they are well protected from cyber attacks. Most charities would struggle to operate effectively if they lost access to their data, or were not able to send or receive emails. So a bit of work to prevent such scenarios is very worthwhile. Organisations who have already received support to get Cyber Essentials have found it a worthwhile process.
“If you are following industry best practices, Cyber Essentials is easy to achieve and gives your organisation the reassurance that they are doing as much as possible to protect their IT. This will hopefully reassure any present and future partners that their data is safe with us” – Andrew Heede, GCVS
The Cyber Essentials scheme addresses the most common Internet-based threats to cyber security — particularly, attacks that use widely available tools and demand little skill. For example:
- hacking — exploiting known vulnerabilities in Internet-connected devices, using widely available tools and techniques
- phishing — and other ways of tricking users into installing or executing a malicious application
- password guessing — manual or automated attempts to log on from the Internet, by guessing passwords
How does getting Cyber Essentials benefit your organisation?
- It gives service users and supporters confidence that you are working to secure your IT and their data against cyber attack
- It could help you secure new partnerships with the promise you take cyber security seriously
- Obtaining accreditation helps you build a relationship with a trusted IT supplier
Cyber Essentials certification demonstrates levels of security which may be required for certain local & national government contracts.
Certification involves a simple, three step process:
- Choose one of the Cyber Essentials Accreditation Bodies
- Work with an IT supplier or your in-house IT team to verify that your IT is suitably secure and meets the standards set by Cyber Essentials – your Certification Body can help with this.
- Complete the questionnaire – your Certification Body will provide this and verify your answers. Once you’ve passed, you will be awarded your Cyber Essentials certificate.
With the support of the Scottish Government, SCVO are running a grants scheme to support charities and third sector organisations to achieve Cyber Essentials accreditation. Grants of up to £1,000 are available, to cover technical work to prepare for Cyber Essentials and the cost of accreditation itself.
The deadline for the current round of cyber grants is 30 August 2019 – apply now!