Achieving Cyber Essentials certification can seem a daunting task for many small businesses. But it doesn’t need to be. Here are some common mistakes and how you can make certification easy.
Cyber Essentials shouldn’t be tough to complete. It only covers the “essentials” of data security. In other words, the bare minimum you should be doing as part of your Data Protection program.
Avoiding Cyber Essentials mistakes
As a Certifying Body, Fifth Square see the same mistakes time and time again. These include:
1. Getting the IT company to answer the questions.
Many outsourced IT companies see Cyber Essentials as questioning their abilities or trying to catch them out. This results, sometimes, in distrust and a lack of cooperation. Often it means a long wait for replies. If you don’t know the answers yourself then read on.
2. Not understanding the scope.
A common IT “sin” is viewing mobile phones as simply phones, despite them being powerful computers. This is often due to poor advice, but for a meaningful certificate you need to include all your business’s devices.
3. Answering the questions with a “yes” or a “no”.
When we’re reviewing applications we need to understand the “what” and the “how”. Typically we’re looking for 80% of the answers to be expanded on so that we can understand what governance you have in place.
4. Thinking that it is just a box-ticking exercise.
As massive fans of Cyber Essentials we believe that every business should be obligated to have Cyber Essentials. It should be the start of a meaningful Data Security journey for your business rather than a box tick. That is why we recommend IASME Governance as well. With cyber crime rapidly growing it really is time businesses took data security seriously.
5. Paying too little, or too much.
At its cheapest you only need to pay £300 for certification. This includes £25,000 of Cyber insurance. A bit of a bargain considering all the benefits. For those that know what they are doing this is all you need to pay.
Sometimes outside assistance is required, especially if you aren’t IT savvy and need someone to talk to your IT support company in language they understand! In these circumstances you may need some decent advice and guidance. We have seen some extremely high costs that we don’t believe can be justified. So be careful. Don’t get ripped off by companies pretending Cyber Essentials is some black art. It isn’t.
Making Cyber Essentials Easier
We’re happy for clients that just want to pay £300 for certification. Rather than fail someone, we always ask you to verify the answers with us in advance. That way, if we spot anything that is going to fail, or we need more information, we can tell you in advance.
For those that need a bit of additional help we go through a methodical process that is right for you. We will even kick the appropriate backsides if needed. In some cases we can go back to the Board of Directors to explain why the IT needs upgrading or we can discuss with IT why we need something changing.
Whatever assistance is needed we tailor something that is right for you.
By following a clear method you can achieve Cyber Essentials certification. We provide that method to make it all a bit easier. Here is what one recent client had to say:
“I would just like to take this opportunity to say thank you for making this process so straightforward. I was quite daunted at the prospect of having to go through such a process but your professionalism and advice was first class and we were able to obtain our certification within a short space of time!”
TEG EDUCATION