The ECRC is really proud to announce that three of our partners have been awarded the Cyber Advisor (Cyber Essentials) accreditation. This is an NCSC accreditation that will allow them to work with customers to help them obtain the Cyber Essentials certification themselves.

All of our Trusted Partners are able to certify Cyber Essentials and a number of them have now become additionally accredited by the National Cyber Security Centre to provide the Cyber Advisor service. At the time of writing the 3 partner companies are 3B Data Security, Mass, and Principal Defence.

Cyber Advisors will be expected to help organisations by:

• Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT identifying where it fails to meet the Cyber Essentials controls.
• Developing reports on the status of the organisation’s Cyber Essentials controls i.e. detailing the requirements that are met and those that are not; describing why controls are not met and the risks the organisation is exposed to; recommended actions to take.
• Working with the business to agree remediation activities.
• Planning remediation activities that align to the risk and business priorities.
• Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities.
• Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks.

What is Cyber Essentials and how can it help you?

Cyber Essentials is a simple and effective UK Government-back scheme designed to help protect organisations from the most common cyber-attacks. It looks at the key areas which increase the risk of cybercrime and helps businesses to reduce this threat including, passwords, user assess controls and malware.

Implementing the controls suggested means that 99% of common cyber-attacks will be fully or partially mitigated! And some of these controls aren't complicated or expensive.

99% is not 100% that is true, but in today’s world of ever-changing threats and new technology there is no solution where you will be 100% protected, unless you never use a computer at all, which for a business, no matter what size you are is rather unlikely.

Cybercrime is increasing and affects all types and sizes of businesses, even smaller ones. And all certified organisations can take advantage of the free £25000 cyber insurance which is provided.

But don’t just listen to us - see what one organisation in our region said about how useful they found the included incident response service after they had suffered a cyber-attack.

‘For anyone who doubts the value of Cyber Essentials this will hopefully clear any misgivings they may haver. Firstly, the professionalism of the services provided by all those connected with the insurance claim was first class and put the client’s mind at ease. Secondly the ICO’s acknowledgement by following Cyber Essentials, the Trust had taken appropriate measures in its protection of data is good to know.’

DPO for Education – an organisation that supported the school through the attack, and a partner of the Eastern Cyber Resilience Centre went on to say.

‘(Cyber Essentials) is not the silver bullet. However, in this example, the £450 spent on Cyber Essentials scheme has proven to be great value and we will continue to urge all organisations to consider it.’

What should I do next?

Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your firm’s cyber resilience and can offer guidance to free tools that you can implement straight away. What’s more, we will enrol you on a free program called Little Steps, which will help you prepare for the Cyber Essentials certification process, should you wish to do so.

Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.

Tell us when you are ready and we can refer you to one of our Trusted Partners, who are cyber essentials accreditors in the East of England. They can accredit your work or provide technical help if required.

Further Guidance and Support

The ECRC is a police-led, not for profit organisation which companies can join for free. When you join our community, you get:

• Threat alerts both regionally and nationally
• Signposting to free tools and resources from both Policing and the NCSC
• Little steps programme – series of weekly emails which aligns to cyber essentials with bite-sized practical information to build cyber resilience.
• Discussion area to meet and talk to other companies in the region and our partners.
• Support from the ECRC team
• Free App – search for ECR Centre on both stores
• Free giveaways if you refer in your supply chain to join the centre

We also work with local university students, who are trained and mentored by senior ethical hackers, to deliver affordable services designed especially for small and medium businesses. So, when you're ready for an insight into if you have common vulnerabilities, are sharing a little too much online or want to review your policies and practices think of us.

Reporting Cyber Crime

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad)