What are Cyber Threats?
Cyber attacks cost organisations thousands of pounds and cause lengthy periods of business disruption. Cyber Essentials is a government-backed scheme that helps businesses to protect themselves against cyber threats. As businesses increasingly utilise email and internet-based services, the opportunities for hackers to commit fraud or target intellectual property also increase. Cyber attackers will attack any organisation that isn’t properly protected, with small organisations lacking enterprise security often seen as easy targets.
What is GDPR?
If you hold data on your customers, then GDPR applies to your business. The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
The new rules mean your business must abide by strict protocols governing the collection, storage and use of both B2B and B2C data. Non-compliance with the GDPR can result in hefty fines of up to 4% of your annual global turnover.
How Can Rejuvenate Help?
As consultants, we noticed that a lot of companies needed to secure themselves and achieve information security standards, but ultimately found the process too complicated or were limited by financial or human resources.
We believe that every organisation should be able to easily comply with recognised standards and protect their data and infrastructure. Our Managed Compliance service takes the pain and hassle out of Cyber Essentials and GDPR Compliance. We automate the evaluation process, work with you to profile your data and security systems, then finally help you to achieve your compliance. But it doesn’t stop there. Most consultants will help you to achieve your compliance then leave you alone until it’s due for renewal. Our Managed IT Service keeps your devices compliant 24/7 with full weekly reporting. When your compliance renewal is due, there’s nothing to do – you’re still compliant!
Compliance in a Box
Protecting your organisation and data is hard work – let us make it easier
We believe that every organisation should be able to easily comply with recognised standards and protect their data and infrastructure. Join us on our journey to make compliance accessible, rewarding and fun.
Utilising the IASME Governance framework will reduce your cyber risk by over 80% and ensure processes for risk mitigation, business continuity and data protection for startups & SMBs.
For the ambitious, it’s also the ideal stepping stone towards achieving ISO 27001.
Prevent 80% of Cyber Attacks
Our Managed Compliance service is designed so you can meet recommended Government standards and stop the majority of attacks dead in their tracks.
We provide model answers and plain English tips to guarantee you achieve your Cyber Essentials and IASME GDPR Certification on the first attempt.
Ensure that you are protected 24/7 with our Managed IT Service, which constantly ensures that employees and their devices remain compliant.
We deploy our Managed Compliance App throughout your network, giving us instant insight into the security and status of all of your devices. It takes less than 60 seconds to scan for vulnerabilities and identify non-conforming devices.
Within the platform, we have guided official questionnaires and live support to ensure you breeze through to a successful result.
In order to assist, we provide plain English implementation tips and model answers that cover the majority of use cases. Never get stuck filling in a form again!
Our cloud-based dashboard is used to manage compliance throughout your organisation. You can add team members, check the compliance status of individual devices and fix issues within the dashboard, or leave it to our team!
We provide how-tos and step-by-step instructions to ensure that anyone, regardless of technical or compliance knowledge, can use our service.
We continue to ensure your users and their devices remain compliant with checks every 15 minutes.
We provide ongoing IT compliance to ensure that your company remains compliant throughout the year, so you don’t have to.
Frequently Asked Questions
Here are some frequently asked questions about Cyber Essentials and our Managed Compliance Service. If you have a question we haven’t covered, get in touch!
What operating systems do you support?
macOS High Sierra
OS X El Capitan
OS X Yosemite
Windows Server 2008
Windows Server 2012
Windows Server 2016
Currently, we do not support:
Why does my business need to have Cyber Essentials?
If your business holds any data, whether it is employee data, suppliers’ information or customer marketing records, the benefits of increased cyber security and data compliance are worth the initial investment.
Here are 3 reasons why your business will benefit from becoming Cyber Essentials certified:
1. Protect against 80% of threats
The main benefit of becoming Cyber Essentials certified is to protect your business from cyber-attacks and to ensure compliance with all current and future data regulations. The scheme prevents up to 80% of the most common computer security breaches. It aims to provide businesses with a strong base from which to reduce the risk from these prevalent, but unskilled, cyber-attacks.
2. Show your customers that you are taking cyber security seriously.
By displaying the Cyber Essentials badge on your website, you show to your customers, partners and investors that you take the security of your systems seriously. This can be particularly beneficial if you are storing personal information (such as medical records or financial information), or hosting other commercially sensitive data. This shows your customers you take the integrity of their data seriously and builds trust.
3. Cyber Essentials Enables You to Bid for Government Contracts
In an attempt to improve cyber security in its supply chain, the government has decreed suppliers must be compliant with the Cyber Essentials scheme in order to bid for contracts which involve the handling of sensitive information and the provision of certain technical services. Not only does this defend the integrity of government information, it could even give your company a competitive advantage when bidding for public sector tenders.
What are the benefits of Cyber Essentials?
The Cyber Essentials scheme provides organisations with clarity on what essential security controls they need to have in place to reduce the risk posed by threats on the Internet with low levels of technical capability. Organisations that are good at cyber security can make this a selling point – demonstrating to their customers through the Cyber Essentials badge that they take cyber security seriously.
Who is Cyber Essentials for?
Cyber Essentials is applicable to all organisations, of all sizes, and in all sectors. We encourage all organisations to review and implement the requirements.
This is not limited to companies in the public sector, and adoption is increasing in the private sector: a number of the country’s biggest firms are encouraging or mandating their suppliers to adopt Cyber Essentials. These include Barclays, BT, Vodafone, AstraZeneca and Airbus.
Cyber Essentials is also applicable and beneficial for organisations such as schools, universities, charities and non-profits.
The implementation of good cyber security controls protects organisations regardless of industry; reducing the risk and damage of a cyber attack is the primary aim.
When can I apply to Cyber Essentials?
The scheme is open now and is available to all organisations. We will guide you through the entire process.
Does the service include insurance cover?
When an organisation with a turnover under £20M achieves self-assessed certification covering their whole organisation to either the basic level of Cyber Essentials or the IASME Standard, they are eligible for Cyber Liability Insurance.
£25K limit of indemnity covering:
Costs to engage Legal, IT Forensics, Data Restoration, Reputational Protection, Notification Costs and Credit and ID Monitoring services following an actual or suspected breach of personal or corporate information, an IT security or system failure
Data Protection Obligations
Insurers will pay:
- Defence Costs in respect of a Regulatory Investigation, and;
- Any lawfully insurable Data Protection Fines that the Company is legally liable to pay in respect of such Regulatory Investigation with regards to a breach of Data Protection Legislation
Damages and Defence Costs arising from:
- An actual or alleged breach of data
- An actual or alleged security failure
- The failure to notify a Data Subject and/or any Regulator of a breach of personal information in accordance with the requirements of Data Protection Legislation
- An actual or alleged breach of duty by the Information Holder in respect of the processing of information (for which the Company is responsible) on behalf of the Company
A major breach may well require more than the £25K cover.
How will I show that I have been certified?
Organisations that have successfully been assessed against the scheme will be able to use the appropriate Cyber Essentials badge to publicise this fact. Being able to advertise that you have met a Government approved cyber security scheme will give you an edge over competitors in the same market.
How long does the certification last?
The assessment process is a ‘snapshot’ in time and it can only be sure to be effective on the day of assessment, similar to an MoT on a car. As with the MoT, the car will not remain roadworthy without regular maintenance. We, therefore, recommend that organisations maintain the principles of the Cyber Essentials Scheme on an on-going basis (for example, ensuring that patching always occurs in a timely fashion and that malware protection is kept up to date) and not just prepare for assessment. As a minimum, to retain the certification, organisations must recertify at least once a year.
Is Cyber Essentials mandated by the UK Government?
The following governmental organisations mandate Cyber Essentials:
Central Government Procurement
The government requires Cyber Essentials for all suppliers bidding for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services.
More information at GOV.UK – Procurement Policy Note 09/14
Ministry of Defence (MOD) Procurement
As of 1 January 2016, all suppliers bidding for new MOD requirements which include the transfer of ‘MOD identifiable information’ should achieve a Cyber Essentials Scheme (CES) certificate by the contract start date.
More information at GOV.UK – DCPP and cyber security controls.
I have a secure website, do I still need to use Cyber Essentials?
A secure website is a great start and may provide a secure link between you and the public. Cyber Essentials controls aim to protect the data once it is stored within your systems, meaning the scheme looks at information security on an organisational level and at your business IT network. Whether you choose to get certified is totally up to you and your business needs.
Will Cyber Essentials stop me getting hacked?
The short answer is no. The longer answer is that, when successfully implemented, it can prevent 80% of cyber attacks. We see Cyber Essentials as a first stepping stone towards data protection and information security.
My organisation already complies with a standard in cyber or information security - for example, ISO 27001 or PCI DSS. Should I get Cyber Essentials certified?
Yes. You can gain the badge in addition to other schemes. The process of meeting the requirements of other standards may have included work which meets or partially meets the Cyber Essentials requirements. Drop us a line and we will be able to advise you further. It is intended that compliance with Cyber Essentials will add value to the majority of organisations and demonstrate to customers, partners and stakeholders that you take information security seriously.