Upgrading your Cyber Essentials Certificate


Cyber criminals continue to adapt and find new ways to infiltrate IT infrastructures. This journey is one they go on daily. So, to fight fire with fire and ensure your cyber defences are as robust as they can be, you could embark on your Cyber Essentials Plus journey.

The Cyber Essentials journey only covers a self-assessment. The Cyber Essentials Plus route has one extra step, in which an independent assessor conducts a site visit.

Just as you would have your accounts independently verified to ensure your books are balancing, it’s vital to have someone independently verify your IT systems. More often than not, your IT provider won’t be a cyber security expert, so having that fresh set of eyes to ensure your defences are the best they can be will provide reassurance not only for your firm/organisation but also for your clients/customers.

Here at Lawyer Checker, 90% of the Cyber Essentials Plus site visit assessments we’ve conducted to date have revealed at least 1 high-risk or critical vulnerability.

These vulnerabilities can be fixed easily by your IT provider, but they are often left unattended or unnoticed. Leaving these vulnerabilities unchecked could enable a cyber criminal to hijack your systems and potentially shut down your business. So, embarking on the Cyber Essentials Plus journey gives you that extra bit of added value for money.

Jen Williams, Head of IT and Cyber Essentials Plus Auditor, said:

“It’s one thing to have implemented your cyber security controls, but are they working and are they effective in keeping data safe?

“Although it may seem slightly scary to have an auditor running a fine-tooth comb through your IT infrastructure and processes, it can be really important. You have an expert there on hand who you can ask any questions to or challenges that crop up.”

When we think about cyber security, data protection isn’t always at the forefront of our minds at the same time. However, the Information Commissioner’s Office are required to consider the technical and organisational measures you had in place if they ever have to investigate you for a data breach.

The ICO’s Principle (f): Integrity and confidentiality (security) states:

“We have in place basic technical controls e.g. those specified by established frameworks like Cyber Essentials.”

So, embarking on a Cyber Essentials and Cyber Essentials Plus journey provides you with the additional reassurance that you have taken precautions that the ICO can check.

What does a Cyber Essentials Plus assessor check?

A Cyber Essentials Plus assessor checks the following areas when conducting their audit:

  • Vulnerabilities on your network visible to the outside world
  • Vulnerabilities visible to a hacker connected to your network
  • That your anti-virus software blocks the latest virus files
  • That your anti-virus software is effective if someone receives a malicious file via email
  • That your operating system and applications installed on your devices have all the required security patches

What is the Cyber Essentials Plus process?

The Cyber Essentials Plus process is straightforward, and falls into two categories:

  • If you have completed a Cyber Essentials accreditation in the last three months you pay an upgrade fee and book a site visit. You don’t have to do a brand-new assessment.
  • If your Cyber Essentials accreditation is more than 3 months old, then you’re required to complete a Cyber Essentials self-assessment prior to booking your site visit.

Lawyer Checker believe in a jargon-free, straightforward and accessible approach to cyber security. To start your Cyber Essentials Plus journey, contact us today on 0800 133 7127, email support@lawyerchecker.co.uk or submit the form below.