Cyber Essentials Plus vs Cyber Essentials – what’s the difference?
You might have already laid the groundwork for effective cybersecurity defences and secured your Cyber Essentials certificate. But did you know that once you’ve had your accreditation for over three months, you can upgrade to a more stringent certification that amplifies your defence settings?
Achieving Cyber Essentials Plus should be the next step in your cybersecurity strategies.
Cyber Essentials Plus goes beyond the fundamental protections available within the initial CE accreditation. It requires more rigorous testing and includes a hands-on technical verification by our trained experts to identify (and rectify) any internal or external vulnerabilities.
It follows the same, easy-to-understand approach and remains focused on the same five areas of concern. But thanks to the technical audit, you can verify that your CE controls are in place and working as they should.
Within your CE+ application, you will undertake a vulnerability scan and have an on-site assessment of your systems. This may include a review of your policies, procedures and technical controls.
The independent assessor will likely
- Select a sample of computers to confirm that all devices are configured according to the CE standards.
- Conduct a vulnerability scan to confirm that the patching and basic configuration is correct.
- Conduct an external port scan of your internet-facing IP addresses to identify if there are any clear misconfigurations or vulnerabilities.
- Test your default email/internet browser to confirm if they can identify any fake or malicious files.
Our knowledgeable team will guide you through the process and provide you with the insights you need to make a business case for investing in Cyber Essentials Plus.
Is Cyber Essentials Plus right for your business?
In an ideal world, all businesses throughout Suffolk should benefit from Cyber Essentials Plus.
You can never have too many security settings in place – and the more proactive testing you do, the more confident you can be that your defences will protect you from harm.
But we’re realists.
Cyber Essentials is excellent for small businesses, especially those with limited budgets. Suppose you’re working on a small system, and you only have one or two users. In that case, the fundamental safeguards through CE will give you suitable protection.
We recommend Cyber Essentials Plus for larger firms, especially those working across multiple sites or those who regularly provide access to their systems to third-party contractors. Perhaps your corporate IT systems are more complex, or you handle vast quantities of confidential data. If so, CE+ will give you more substantial reassurance that you are doing everything you can to protect yourselves from harm.
Cyber Essentials and Cyber Essentials Plus certificates are only valid for twelve months.
You will need to review and reassess your accreditations each year to remain certified.
At Lucid Systems, we take the time to get to know you.
We understand your systems, how you work, and what you need your IT to do. But beyond that, we take the time to understand what your customers and stakeholders expect from you.
From there, we can make suitable recommendations for continual improvements explicitly designed for you. Thanks to our proactive monitoring and maintenance of your systems, you can be confident that your cybersecurity defences are always effective and up-to-date.
