Technical Services
Cyber Essentials is a UK government scheme introduced in 2014 to helps organisations of every size to guard against cyber attacks, and demonstrate their commitment to staying secure. If your customers are becoming CyberEssentials certified, or looking for your help, is your technology portfolio ready? Use our tool to review it against the requirements.
80%
of organisations believe the scheme helps mitigate risks
71%
agree that the scheme has strengthened taking cybersecurity seriously
33%
of contracts in the last year required Cyber Essentials certification
80%
fewer cyber insurance claims are made when Cyber Essentials is in place
For smaller organisations in particular, cybersecurity is a very challenging task - evolving threats, lack of in-house expertise and a complex technology landscape to navigate.
Cyber Essentials offers a simple path to ensuring they can meet the fundamentals. It's also increasingly listed as a requirement for suppliers, especially those working with public sector organisations like local councils, schools and the NHS.
It’s a great opportunity for you to help your customers examine those basic steps, and give them greater confidence in their cybersecurity posture. Follow the simple process below to review your portfolio against the key 5 criteria.
Answer a few questions so we can determine what areas we can help support you with.
Firewalls
A network security firewall – this can be a dedicated appliance, or part of the UTM solution, and typically is located physically on the local network(s). Firewalls are one of the fundamental components of cybersecurity defences, so it’s essential to have them in your portfolio – especially for customers who may have legacy solutions in place.
Cyber Essentials requirements: Ensuring the network is protected at the gateway
Do you currently sell Firewalls?
Secure Configuration
It's essential that all network devices and systems are setup correctly, secure by default, and not able to be access by internal users or external suppliers/contractors/customers who don't have right permissions or authorisation. Dedicated secure configuration solutions classify the system, identify and remediate misconfigurations, and automate updates.
Cyber Essentials requirements: Ensure that computers and network devices are properly configured to reduce vulnerabilities and provide only the services required to fulfil their role
Endpoint Management
Ensures all network and user devices are setup correctly and security controls applied.
Do you currently sell Endpoint Management?
Technical Services
Cybersecurity services, to help provide expert advice and guidance on posture.
Do you currently sell Technical Services?
CASB
Cloud Application Security Broker (CASB) provides security controls and visibility into cloud apps.
Do you currently sell CASB?
Security Update Management
Patch Management is a key tool when automating and managing updates to software and hardware, and ensuring available patches and updates are deployed, and applying additional protection where one isn’t available (such as for legacy systems).
Cyber Essentials requirements: Ensure that devices and software are not vulnerable to known security issues for which fixes are available.
Do you currently sell Patch Management?
User Access Control
Users are frequently the targets for attacks, and yet often have too much access to systems and data that they don’t need. User Access Control can ensure a least privilege rule is applied, that their identity is verified, and the principle of Zero Trust ensures they only have access to what they need.
Cyber Essentials requirements: Ensure that user accounts are assigned to authorised individuals only and to provide access to only those applications, computers and networks the user needs to carry out their role
PAM
Manages user privileges and rights, to ensure they can only access resources and systems they need to.
Do you currently sell PAM?
MFA
Multi-Factor Authentication requires additional verification of a user's identity.
Do you currently sell MFA?
ZTNA
Zero Trust Network Access (ZTNA) ensures remote users can only access the apps and resources they need to, replacing legacy VPN.
Do you currently sell ZTNA?
Malware Protection
Malware is one of the biggest forms of cyber attack, and includes ransomware as well as forms that can steal data, credentials or control the device. Endpoint security can help protect against malware being installed or run, and endpoints can include servers, workstations, laptops or phones, as well as cloud infrastructure such as workloads and containers.
Cyber Essentials requirements: Keep software and devices up-to-date by applying security updates and patches promptly. This helps close known vulnerabilities that attackers could exploit.
Anti-Virus/Malware
Essential endpoint protection against malware and viruses.
Do you currently sell Anti-Virus/Malware?
Email Security
Provides protection and security for email gateways or applications.
Do you currently sell Email Security (SEG)?
Web Security
Protection for any users or devices accessing public web applications or services.
Do you currently sell Web Security (SWG)?
Cyber Essentials Certification
After your customer has reviewed the technology and processes they have in place, the final step is for them to get certified. It's a simple process that can be completed in as little as 24 hours, and is suitable for businesses of all sizes. All preparation can be in-house, with the one-off audit completed by a certified body.
Cyber Essentials requirements: Work with a certifying partner to provide evidence for the necessary controls and processes. Once reviewed, an Accredited Auditor will approve, or provide next steps for any failed checks.
Do you offer Cyber Essentials Certification?
Here's a review of your portfolio, and where it maps against the Cyber Essentials requirements.
