This is developing content so will be updated as the standard/s develop and best practice emerges. MRT 24th October 2019

With our long experience in securing computer systems and networks, and the ever increasing cyber threats our clients are facing, we are now providing consultancy services for Cyber Essentials and Cyber Essentials Plus.

Protect your business against cyber threats

These two linked Government backed cyber security schemes have become a requirement for SMEs bidding for many Government, Defence, NHS & other Public Sector contracts. It is based upon a published framework and the NCSC’s 10 Steps to Cyber Security and in some respects is like a quality standard for cyber security.

What do we need to get it?

 

What is the difference between Cyber Essentials and Cyber Essentials Plus?

 

Who gives us the certification?

 

How can Thompson Consultants help us?

 

Will it prevent us getting ransomware/hacked/<insert your cyber threat here>

It will greatly help in preventing many cyber threats to you and if you were not working towards the 10 Steps to Cyber Security before, then you will be much more secure after certification. However it isn’t a guarantee you are secure from all threats.

The scope of Cyber Essentials is to help secure you from external threats to your computers and network from the internet. It says nothing, however, on the insider threat and advanced, targeted attacks from governments or suchlike.

But don’t let that put you off: Cyber Essentials and Cyber Essentials Plus gives you an excellent security baseline to work from and for SMEs it is more applicable than something like ISO27001 for example.

Next steps

Ask us for an appraisal and survey. We can conduct an initial telephone interview and find out enough about your infrastructure and setup to determine whereabouts you are in relation to being able to get Cyber Essentials accreditation.

After that we can conduct an on-site survey and the deliverable from that will be an action plan. That will give you the next steps required in order to be able to pass the self-certification questionnaire. Probably you will be able to say ‘yes’ to a number of the required steps (so you have an up to date anti-virus solution in place for example) but will need to implement others – usually things like a default deny setting for internet access.

We can then either work with you to implement the changes in whole or in part and then arrange your certification with the certification body that we choose.