Cyber Essentials

This article contains links to third party websites, CSC is not responsible for the content of these sites.

Cyber-attacks can be very costly and disruptive to businesses of all sizes, if they are not properly protected, and there are constant threats to Manx businesses from phishing attacks, ransomware and malicious software.

Cyber Essentials is an easy way to protect small and large organisations on the Isle of Man: it’s a simple, low-cost but effective scheme to help protect your organisation against a whole range of the most common cyber-attacks. 

It’s easy to get started and the Isle of Man Government offers a 50% discount for eligible businesses.  

What is Cyber Essentials?

Cyber Essentials is a set of basic technical controls organisations should have in place to protect themselves against common online security threats.

Organisations self-assess their systems, and then complete an online assessment. The online assessment is marked by a Cyber Essentials Assessor who provides feedback on any areas where improvements could be made.

Cyber Essentials is suitable for all organisations, of any size, in any sector.

Why should you get Cyber Essentials?

• Reassure customers that you are protecting their data by continually improving your IT security
• Attract new business with the promise that you have strong cyber security measures
• You will have a clearer picture of your cyber-security level and risks
• You're able to publicise your organisations accreditation on your website and on social media, etc.
• you may even be eligible for 12 months of free cyber liability insurance

What are you assessed against?

• Firewalls - Ensuring you have sufficient protection for your devices and networks from Internet-based threats.
• Secure configuration - Changing all default passwords, removing redundant accounts and setting up device locking, etc.
• Security update management – Ensuring all hardware and software is kept up to date and that patches are implemented in a timely manner.
• User access control – Giving users access only to the resources and data necessary for their roles.
• Malware protection – Protecting against threats such as viruses and other malicious code on all your devices.

These five security controls might appear quite daunting to smaller businesses but many of the security measures are low-cost and may already be in place, not yet applied or realised.

What does Cyber Essentials Plus involve?

Cyber Essentials Plus still has the same simplicity of approach and the protection you need to put in place are the same, but a hands-on technical verification is carried out.

There are local businesses that can assist, provide consultancy and conduct assessments so there is no necessity to bring a company over.

Funding and Accreditation

Funding may be available through the Department for Enterprise’s Business Improvement Scheme (BIS). To find out more about the BIS, please visit: www.iomdfenterprise.im/bis.  Some assessors may offer a renewal discount for successive years for returning customers.

Accreditation lasts for 12 months before another assessment is required. This might seem quite a short amount of time, however, technology and security threats move and adapt very quickly so it is important that you can prove you have kept your controls up to date.

To find out more about the Cyber Essentials and Cyber Essentials Plus accreditations, please visit:

• UK NCSC Cyber Essentials FAQ: https://www.ncsc.gov.uk/cyberessentials/faqs
• IASME (Accreditation Body): https://iasme.co.uk/cyber-essentials

More information and a downloadable self-assessment questionnaire can be found here: https://iasme.co.uk/cyber-essentials/