e2e-assure renews Cyber Essentials Plus certification

We’re pleased to share that, earlier this month, e2e-assure renewed their Cyber Essentials Plus (CE+) certification. We’ve held the Cyber Essentials certification since it started, evidencing the continued commitment of our teams to ensure we uphold (and exceed) best practice in cyber security.

Every year the requirements to achieve Cyber Essentials changes, in line with the ever-changing threats and best practice to combat these threats. Changes brought in on the 24th of January 2022 saw the biggest overhaul with regards to technical controls since the schemes launch in 2014, reflecting the heightened risk and complexity of cyber threats today.

The changes

2020 saw most organisations move to full remote working in response to the pandemic and since then many have either stayed fully remote, or continue to keep an element of remote working alongside office-based. Whilst this move has been great for a lot of employees, it naturally brought about higher security risks and this year saw home working devices added to the scope of Cyber Essentials.

Alongside home working devices, many organisations accelerated their migration to the cloud and whilst the cloud is inherently secure, it still requires the right set up. It is the responsibility of the ‘cloud tenant’ (i.e. organisation consuming the services) to ensure the recommended security settings from the cloud provider (e.g. AWS, Microsoft etc.) are in place. With the increased move to cloud services, Platform as a Service (PaaS) and Software as a Service (SaaS) were included in the new requirements, with a particular focus on user access control and secure configuration of the services.

Then final significant change is that Multi Factor Authentication (MFA) is a requirement for access to cloud services.

Summary

As the name suggests, Cyber Essentials is important (some might say essential) for organisations to check that their cyber security adheres to best practice. We always recommend that every organisation starts with Cyber Essentials – even the smallest start-up should familiarise themselves with the requirements and work towards it, with the aim to then get externally technically validated for Cyber Essentials+.

We would also like to thank Capital Networks for their work in assessing us and would recommend them to others looking to achieve their Cyber Essentials+ certification.

Written on February 25, 2022