Cyber Essentials (CE & CE Plus) is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. CE will help you guard against the most common threats and is one of the first steps your organisation should take towards cyber security.
Cyber Essentials is a self-certification. This means that you are asked to supply answers to a questionnaire (with evidence) and the application is marked by Defendza's CE experts.
Cyber Essentials is a cost-effective assurance scheme for small and medium sized enterprises which is backed by the UK government. It helps you demonstrate to your customers that the most important cyber security controls have been implemented and it is a prerequisite for public sector suppliers.
Cyber Essentials (CE) Plus offers a higher level of assurance through the internal testing of the organisation’s cyber security measures. This means that one of Defendza's CE Plus experts will visit your office and perform a test that is in line with the Cyber Essentials requirements.
CE Plus requires an independent assessment of the technical security controls in place as well as a vulnerability scan to identify risks such as unpatched or unsupported software and incorrect configurations.
CE Plus quotations are based on the time it will take for our consultant to test your systems. Each quote varies depending on several factors including:
We assess that you keep your applications, software and devices up to date. it doesn't matter whether your business uses Android or iPhone devices, tablets or laptops, it's important that all the assets are kept up to date at all times.
Defendza review whether your business implements one of the malware protections to defend against attacks. These include anti-malware measures such as Defender, whitelisting applications or use of sandboxing techniques.
To review if there are restrictions on who has access to your data and services. Secure administrative privilege access management and access to software from official sources are two subjects in this topic that ensure 'just enough access' to perform the intended tasks.
This element reviews secure settings for your software and devices in use. Checks under this category include changing default settings, password controls and extra protections such as two factor authentication.
Perimeter firewalls & Internet gateways control who has access to your system and which users of your network can access internet. Cyber Essentials Certification criteria checks for relevant restrictions to protect your devices that connect to untrusted networks such as public Wi-Fi.
Here’s the roadmap to achieving Cyber Essentials and Cyber Essentials Plus.
We have a pre-assessment scoping call with your team to help us to understand the size of your organisation’s network footprint and get details of all internet-facing systems covered as part of your project.
Following this call, we send you a questionnaire to fill in: it’s relatively straightforward and won’t take too long to complete. If you need help, of course, Defendza is happy to assist you.
Based on your questionnaire responses, Defendza will scan your perimeter at both the infrastructure and web application level for vulnerabilities. We’ll discuss the scan results with you to make sure there are no compliance issues.
Based on the scan results, Defendza writes an interim report to highlight any issues that need addressing. This makes certain that there are no compliance issues at this point: if there are, we allow a remediation window of 4 weeks for your organisation to address them.
Assuming everything goes well, Defendza will issue your business with its Cyber Essentials Certificate. If you need any support, be assured that our team is available via phone or email to give you all the help you need.
To proceed with Cyber Essentials Plus, we need to complete an internal, onsite assessment of your network and security controls. We scan all internal IPs mentioned in your questionnaire for any internal vulnerabilities and perform a build review against a standard desktop build.
Using Cyber Essentials-approved payload files, which we email to an internal email address and gateway whilst we’re on site, we also conduct mobile assessment including host and gateway malware testing, as well as checking desktop protection.
Depending on results, Defendza will then issue an interim report to discuss with your team. 4 weeks of remediation time is available to ensure any highlighted problems are rectified. Defendza will assess the fixes so that you can be confident there are no further compliance issues.
Upon validation of all findings, Defendza will issue your organisation’s CE Plus certificate and you can go forward confident you’ve done everything you can to assure your cyber security.
Online invitation company Evite announced it was affected by a data breach involving the unauthorised access of customer information. Names, usernames, email addresses, passwords, dates of birth, phone numbers, and mailing addresses were potentially affected in the incident.
Cathay Pacific was breached in 2014, the full investigation report revealed in October 2018 disclosed that it affected 9.4 million people.Malicious actors exploited a decade old vulnerability on an internet facing server that allowed the group to bypass authentication and access administration tools residing on the server.
