Cyber Essentials

Michael Maynard

27 May 2020

Tilix is pleased to offer support to startups and small and medium-sized enterprises (SMEs) that would like to obtain Cyber Essentials. This can be in the form of ad hoc advisory or as a turnkey solution.

About Cyber Essentials

Cyber Essentials is a UK Government-backed security assurance scheme that was developed to support its National Cyber Security Strategy in improving the overall online security posture of UK businesses and organisations.

It is of particular relevance to SMEs for which IT is not a core competency. The IT systems in these firms consist primarily of commercial off-the-shelf (COTS) products, rather than heavily customised, complex solutions.

The Cyber Essentials scheme adopts a two-tiered approach: standard Cyber Essentials accreditation and Cyber Essentials Plus.

The Cyber Essentials certification process comprises an external vulnerability scan and a self-assessment questionnaire (SAQ). The scheme also defends against common attack vectors that target enterprise-level and corporate IT systems.

Cyber Essentials Plus takes the evaluation process one step further as it requires an audit from a qualified third-party assessor, in addition to the SAQ required for the standard Cyber Essentials certification.

The cost of Cyber Essentials certification for SMEs can be less than £500 at the basic level. For the Cyber Essentials Plus level, the costs are in the region of £2,000.


Five controls

Cyber Essentials covers five main technical controls which will protect companies against an estimated 80% of common internet threats (cyber attacks including hacking, phishing, password guessing, etc.). These controls are:

  1. Boundary firewalls and internet gateways - all networks should have a properly configured firewall.
  2. Secure configuration - default configurations are often vulnerable; these need to be made secure.
  3. User access controls - only the correct, authorised people can access systems.
  4. Malware protection - protection against viruses and other malware.
  5. Patch management - all software and systems should have the latest security patches installed.

Cyber Essentials support from Tilix

Tilix can support clients in performing a preliminary cyber audit covering the five key Cyber Essentials controls outlined above.

“Cyber Essentials provides SMEs with a foundation on which they can build a security posture that can evolve to meet the increasing variety and complexity of cyber threats.” Dr Neil Williams, CxO, Tilix

The starting point is an initial conversation. This is followed by a quick look at the current situation and an assessment of the available options. In many cases, the support from Tilix is light-touch advisory and is free of charge. In some cases, where a more meticulous approach is required or client resources are simply not available to do the necessary self-certification work, additional support can be purchased from Tilix.

About IT services from Tilix

Building on experience garnered from interim IT leadership assignments with Ovo Energy and Good Energy, Tilix provides a suite of IT management and IT governance services to SMEs in the energy, mobility and cleantech markets.

Click on the link to read the Tilix GDPR Compliance Statement. We are registered with the Information Commissioner’s Office (#ZA320654) and are Cyber Essentials certified (#IASME-CE-000239).

If you would like to find out more about Cyber Essentials, GDPR and other IT security certification options (e.g. ISO27001), please book a discovery call or leave a short text message.