The ECRC is proud to announce that four of our partners have been awarded the Cyber Advisor (Cyber Essentials) accreditation. This is an NCSC accreditation that will allow them to work with customers to help them obtain the Cyber Essentials certification themselves.

All of our Cyber Essentials Partners are able to certify Cyber Essentials and a number of them have now become additionally accredited by the National Cyber Security Centre to provide the Cyber Advisor service. At the time of writing the 4 partner companies are Mass, Spritzmonkey, 3B Data Security, and Principal Defence.

What is the Cyber Advisor scheme?

The Cyber Advisor scheme is delivered by the NCSC in partnership with ,IASME. It aims to provide small and medium sized organisations with reliable and cost-effective cyber security advice and practical support. The focus of that advice and support will be on the implementation of the technical controls set out in ,Cyber Essentials. This approach will improve the cyber security of small organisations and reduce the likelihood of the most commonly experienced cyber-attacks. Find out more here: Cyber Advisor - NCSC.GOV.UK

Cyber Advisors will be expected to help organisations by:

• Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT identifying where it fails to meet the Cyber Essentials controls.
• Developing reports on the status of the organisation’s Cyber Essentials controls i.e. detailing the requirements that are met and those that are not; describing why controls are not met and the risks the organisation is exposed to; recommended actions to take.
• Working with the business to agree remediation activities.Planning remediation activities that align to the risk and business priorities.
• Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities.
• Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks.

We spoke to one of our Cyber Essentials Partners, Mass, about becoming an accredited Cyber Advisor:

“This is a great initiative by the NCSC in partnership with IASME. It gives us an opportunity to do what we do best – help businesses keep their security networks safer and more resilient against the ever-growing

cyber threat across the globe. We look forward to working alongside

small businesses by giving them access to our certified Cyber Advisors who are always keen to share their knowledge and experience as needed by customers.”

Jack Stark, Mass CIO

What is Cyber Essentials and how can it help you?

Cyber Essentials is a simple and effective UK Government-back scheme designed to help protect organisations from the most common cyber-attacks. It looks at the key areas which increase the risk of cybercrime and helps businesses to reduce this threat including, passwords, user assess controls and malware.

Implementing the controls suggested means that 99% of common cyber-attacks will be fully or partially mitigated! And some of these controls aren't complicated or expensive.

99% is not 100% that is true, but in today’s world of ever-changing threats and new technology there is no solution where you will be 100% protected, unless you never use a computer at all, which for a business, no matter what size you are is rather unlikely.

Cybercrime is increasing and affects all types and sizes of businesses, even smaller ones. And all certified organisations can take advantage of the free £25000 cyber insurance which is provided.

But don’t just listen to us - see what one organisation in our region said about how useful they found the included incident response service after they had suffered a cyber-attack.

‘For anyone who doubts the value of Cyber Essentials this will hopefully clear any misgivings they may haver. Firstly, the professionalism of the services provided by all those connected with the insurance claim was first class and put the client’s mind at ease. Secondly the ICO’s acknowledgement by following Cyber Essentials, the Trust had taken appropriate measures in its protection of data is good to know.’

What should I do next?

1. Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your firm’s cyber resilience and can offer guidance to free tools that you can implement straight away. What’s more, we will enrol you on a free program called Little Steps, which will help you prepare for the Cyber Essentials certification process, should you wish to do so.
2. Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.
3. Tell us when you are ready and we can refer you to one of our Cyber Essentials Partners, who are cyber essentials accreditors in the East of England. They can accredit your work or provide technical help if required.

Further Guidance and Support

The ECRC is a police-led, not for profit organisation which companies can join for free. When you join our community, you get:

• Threat alerts both regionally and nationally
• Signposting to free tools and resources from both Policing and the NCSC
• Little steps programme – series of weekly emails which aligns to cyber essentials with bite-sized practical information to build cyber resilience.
• Discussion area to meet and talk to other companies in the region and our partners.
• Support from the ECRC team
• Free giveaways if you refer in your supply chain to join the centre

We also work with local university students, who are trained and mentored by senior ethical hackers, to deliver affordable services designed especially for small and medium businesses. So, when you're ready for an insight into if you have common vulnerabilities, are sharing a little too much online or want to review your policies and practices think of us.

Reporting Cyber Crime

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online.

Forward suspicious emails to report@phishing.gov.uk.

Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad)