
Everything that a charity needs to know about Cyber Essentials

Carolyn Hughes

The Cyber Essentials certification is crucial for charities in today's digital landscape. It provides a robust framework for protecting sensitive data, maintaining donor trust, and ensuring operational continuity in the event of a cyber attack or data breach.


As mentioned in our previous blog post about the importance of cyber security for charities, a third of all charities have experienced a cyber breach over the previous 12 months - and this number is set to rise this year. 


It is of vital importance that trustees and the charity’s board understand both the growing dangers of cyber security and the importance of the Cyber Essentials scheme. However, for organisations which are not technically-minded, it can seem daunting and confusing. There are many different IT organisations that can help a charity to go through the Cyber Essentials process, but it can be difficult to know who to work with. 





What is the Cyber Essentials scheme? 


The Cyber Essentials scheme is a Government-backed certificate run by industry body IASME. It shows your stakeholders, donors and supply chain that you take cyber security seriously and have protocols in place to help minimise cyber breaches and attacks.


There are two levels of certification your organisation can achieve:


Cyber Essentials is an independently verified self-assessment covering five basic control measures. All the self-assessment questions are available to download for free in advance.


You then have this verified by IASME, which charges on a sliding scale according to the size of the business: the cost starts at £320+VAT for a micro-business and rises up to £600+VAT for larger businesses.

 

Cyber Essentials Plus covers the same five basic control measures as the Cyber Essentials assessment, but a qualified assessor examines them and tests that they work through a technical audit. Cyber Essentials Plus is more expensive but provides a much greater level of assurance for both you and your customers.


IASME states that the Cyber Essentials Plus certification requires dedicated time from technical experts, who will give each business a quote. They state that estimated costs for a micro-business would be around £1400.


NWCRC Cyber Partners

We work with a number of Cyber Partners, all of which are able to carry out the Cyber Essentials certifications, and give overall cyber security advice to charities. 


We recommend getting a number of quotes and speaking to cyber partners first before making a final decision.  


“When choosing a cyber partner, we’d recommend opting for an NCSC assured Cyber Advisor. These providers have met the National Cyber Security Centre’s strict quality and security standards specifically in advising how you can achieve the Cyber Essentials requirements.
You should also opt for a business that treats your certification route as a partnership – not a project. The security of your business is much too important to be considered as a simple ‘project’. Your Cyber Partner should seek to understand your business and its processes, not just offer generalised advice.
Finally, make sure your Cyber Partner offers the level of support you’d require throughout the certification process. There are different methods of working towards your certification; make sure you discuss and ensure that this matches your requirements. You may prefer a different level of support depending on your current cyber security knowledge.”

 Jamie Robson, Professional Services & Cyber Security Manager at Aindale KTD


What are the benefits for charities of getting the Cyber Essentials certification?


Enhanced security and risk mitigation

Cyber Essentials helps charities implement essential cybersecurity measures, significantly reducing the risk of common cyber attacks. This is particularly important as charities often handle sensitive data and may have limited resources for cybersecurity. By focusing on five core controls - firewalls, secure configuration, security update management, user access control and malware protection - charities can effectively address their most critical vulnerabilities.


Access to funding and contracts

Cyber Essentials certification is often a prerequisite for government contracts and can be a deciding factor for grant funders. This opens up new opportunities for collaboration and funding, which can be crucial for a charity's growth and impact.


Safeguarding sensitive data

Charities often handle sensitive information about vulnerable individuals, as well as financial information from donors. Cyber Essentials certification ensures that this data remains confidential and secure, protecting both the charity and its beneficiaries from potential breaches.


Cost-effective security strategy

For charities operating on limited budgets, Cyber Essentials offers a cost-effective way to implement a robust cybersecurity strategy. It provides a clear framework for prioritising security efforts, ensuring that resources are used efficiently.


Compliance and due diligence

Achieving Cyber Essentials certification demonstrates compliance with basic cybersecurity standards and shows due diligence to trustees, regulators and other stakeholders. This can be particularly important in meeting legal and ethical obligations related to data protection.



There are also some useful resources on the NCSC website about Cyber Essentials: https://www.ncsc.gov.uk/cyberessentials/resources


Charities in the North West can contact our cyber experts for advice and guidance around Cyber Essentials certification. 

