To ensure the safety and security of our customer data, Human Focus maintains strict cybersecurity procedures. We are pleased to announce that our renewal application has been accepted by Cyber Essentials for the second year running. Human Focus now holds Cyber Essentials certification for the year 2021.
The Cyber Essentials scheme is supported by various industry sectors and the UK government. It was developed to help protect small to medium-sized organisations against common online threats. Being certified by Cyber Essentials demonstrates a company’s commitment to cybersecurity.
What is Cyber Essentials?
Launched in 2014, Cyber Essentials is a management information assurance system operated by the UK National Cyber Security Center (NCSC). This simple but effective scheme helps organisations protect themselves against cyber threats and attacks.
Most cyberattacks do not use complex technology and are carried out by people without extensive computer programming expertise. Online thieves are constantly scouring the internet for vulnerable websites.
Businesses can deter many would-be hackers by gaining Cyber Essentials certification. Cyber Essentials accreditation lets online criminals know right away that a business can defend itself against the most common cyberattacks.
Cyber Essentials accreditation covers the IT infrastructure currently used within Human Focus. This includes, but is not limited to, servers, workstations, firewall, hardware, anti-virus, and software applications. Maintaining compliance with the government-backed Cyber Essentials scheme preserves the security and privacy of our clients’ data.
What is Cyber Essentials Certification?
Cyber Essentials certification shows that a company can defend itself against malicious cyber threats and cares about the data security of its customers. It assures customers, investors, insurers, and others that essential procedures are in place to guard against cyberattacks.
Gaining Cyber Essentials accreditation proves that a business is maintaining due diligence against the most common potential cyber threats.
The main benefits of Cyber Essentials certification include:
- Proof that a business is working to secure IT systems against online attacks
- Peace of mind for both new and existing customers
- Demonstrates a commitment to implementing cybersecurity procedures
- Provides an overall picture of a company’s cybersecurity level
- Certification allows a business to become eligible for some government contracts
- Potentially cuts insurance costs and the costs of IT security breaches
Why Does Human Focus Have Cyber Essentials Certification?
Human Focus believes that it is vital for modern businesses and organisations to participate in the Cyber Essentials scheme and achieve certification.
Our goal is to provide our clients with peace of mind and the assurance that we can prevent the majority of common cyberattacks. Human Focus is committed to preserving the security and privacy of our users’ data and will continue to renew our Cyber Essentials certification.
Below is our certificate for 2021:
Increasing Risk of Cyber Threats
Hackers are constantly adapting their methods to overcome security measures. The 2020 Cyber Security Breaches Survey shows that cyberattacks on UK businesses have become more frequent, more sophisticated, and have resulted in substantial costs.
Some 46% of businesses reported that they had to deal with cyberattacks on a weekly basis. Although the impact from malware and viruses fell, the incidence of phishing attacks rose. The average yearly cost of these cyber attacks for smaller businesses was £3,230, while larger firms averaged a cost of £5,220.
The security measures required to achieve Cyber Essentials certification would have prevented many of these incidents. According to the NCSC, Cyber Essentials certification can prevent up to 80% of common cyberattacks.
How does Cyber Essentials Work?
Simply put, the Cyber Essentials scheme is a programme designed to help UK businesses protect themselves from cyber threats. In order to attain Cyber Essentials certification, a business must complete a Self-Assessment Questionnaire (SAQ) and undergo an external vulnerability scan performed on their IP addresses.
The SAQ is first reviewed by the Cyber Essentials Online Team, then sent to the Accreditation Body, IASME (Information Assurance for Small and Medium Enterprises Consortium), for approval.
The time it takes to review and approve a business’ Cyber Essentials SAQ can vary, although companies can choose a Fast Track option that will provide them with a result in two business days.
There are two Cyber Essentials packages currently available: Cyber Essentials, and Cyber Essentials Plus. The basic Cyber Essentials package includes an online self-assessment questionnaire, which if successfully completed will provide Cyber Essentials certification for 12 months.
Cyber Essentials Plus involves a more rigorous test of an organisation’s cybersecurity systems, including an on-site assessment by IASME. Cyber Essentials Plus also provides dedicated helpdesk support and has no resubmission fees.
What does Cyber Essentials Test for?
Cyber Essentials accreditation involves testing the following criteria:
- Firewalls and Internet Gateways – All networks must have an appropriately configured firewall
- Virus and Malware Protection – Systems must have adequate protection against viruses and malware
- Patch Administration – All systems should have the latest security patches installed
- User Access Control Systems – Measures must be in place so that only authorized users can access the system
- Secure Configuration – Configurations must be made secure. Default configurations can be vulnerable
Is it Mandatory to Renew your Cyber Essentials Accreditation?
Yes, it is mandatory to renew your Cyber Essentials certification annually. The purpose of Cyber Essentials is to help organisations continuously improve their security standards. The ever-changing nature of cyberattacks requires that IT systems can combat the latest viruses and malware and that operators are aware of current phishing methods.
To ensure that a business maintains an acceptable level of cyber-readiness, Cyber Essentials certification is only valid for a period of 12 months. Annual Cyber Essentials accreditation is required for businesses to continue to use Cyber Essentials branding on their websites and promotional materials.
What Support Services do you Get with Cyber Essentials?
Cyber Essentials provides business with a range of support services to assist them during the certification process:
- Vulnerability Scan – an examination of computer networks to detect any security weaknesses. These exposures are detected by comparing collected information to a database of known flaws
- Fail-Safe – Cyber Essentials provides additional support via its Fail-Safe network. Fail-Safe is a collection of cyber experts who assist businesses in passing their SAQ
- Speed of Assessment Uplift – this service ensures that the Cyber Essentials Accreditation Body, IASME, completes an assessment within 24 working hours