Cyber Essentials
We provide Cyber Essentials and Cyber Essentials Plus under the IASME consortium, the official government partner
Show you're serious about cyber
How can you show your customers and prospects that their financial, personal and company data is safe in your hands? With recent government figures revealing that breaches or attacks have been identified in almost a third of UK businesses in the last year, customer concerns about the security of their data has never been higher.
A UK Government Cyber Essentials accreditation provides reassurance that you are taking proactive steps to combat cybercrime. It gives you a clear indication of how well armed you are against cyber threat — and it’s increasingly a mandatory requirement when tendering for new contracts.
Cyber Essentials Packs & Pricing
Cyber Essentials
This self-assessment process provides a framework for ensuring the five key technical controls (secure internet connection, secure configuration, malware protection, user control and up-to-date devices and software) are correctly in place. Once the survey is completed in the online portal, we’ll audit the documentation.
£1800
Cyber Essentials Plus
Once you’ve achieved Cyber Essentials, you can progress to Cyber Essentials PLUS certification. It’s a thorough assessment of your organisation and includes a technical review of your infrastructure, with verification carried out by our Cybersecurity specialists remotely. The external vulnerability scan will include patch auditing, malware testing, web/email assessments.
£2600
The Five Cyber Essential Technical Controls
Creating a buffer between your IT network and other external networks, a firewall protects your internet connection, analysing incoming traffic to identify whether access should be allowed to your network.
Cyber Essential Certification Requirement - A firewall must be configured and used on all devices, particularly those connected to public or untrusted Wi-Fi networks.
Default configurations of new software and devices are set to be as easy as possible to connect and use, which creates vulnerabilities if left unchanged. Settings should be checked, disabling and removing uneccessary functions and services, while default passwords should be updated before deployment. 2FA (Two-factor authentication) should be used for the most data sensitive accounts.
Cyber Essential Certification Requirement - Only necessary software, accounts and applications are used.
In allowing access to those — and only those — accounts (software, settings, services and functions) that your people need in their specific job role, the risk of potential damage can be minimised.
Cyber Essential Certification Requirement - Access to your data must be controlled through user accounts, with controlled administration level privileges given only to your people who specifically need them.
Malware — including ransomware and viruses — comes from a range of sources, including infected email attachments or USB memory sticks. Anti-malware measures are included within the most popular operating systems. Malware can be introduced to a network when a rogue application is downloaded, so white listing, giving users the ability to install and run only applications authorised by the administrator, offers good protection. Sandboxing, running an application in an environment with restricted access to the rest of your devices and network, helps keep your data beyond the reach of malware.
Cyber Essential Certification Requirement - At least one approach, anti-malware measures, whitelisting or sandboxing must be implemented.
Operating systems and applications become vulnerable if they are not up kept to date. In order for patches, whether new features or fixes to security vulnerabilities, to be applied, your operating systems, programmes, phones and apps should be set to "automatically update" where possible. When no longer supported, systems and applications should be considered for replacement.
Cyber Essential Certification Requirement - Devices, software and apps must be kept up to date.
Why Chess
Chess are acknowledged experts in the assessment of threat and vulnerabilities in IT estates.
As a Certification Body for the Cyber Essentials scheme, we’re able to offer the same level of expertise to businesses of all sizes and sectors.
IASME & CREST Accreditation
We provide Cyber Essentials and Cyber Essentials Plus under the IASME consortium, the official government partner. We’re also certified by CREST which demands stringent standards, including appropriate levels of quality assurance processes; security controls; security assessment methodologies meeting CREST’s additional qualification criteria; signing of an enforceable Code of Conduct and proven access to technically competent, qualified staff.
