NCSC Cyber Essentials to be offered free to some small organisations

NCSC Cyber Essentials to be offered free for some small organisations

Image:
NCSC Cyber Essentials to be offered free for some small organisations

National Cyber Security Centre, the cyber security arm of GCHQ, is to offer 20 hours of free security advice and expert support to some small charities and businesses that offer legal aid services.

The certification programme covers the basics of cyber defences: firewalls, secure settings, access controls, malware and software updates.

Launched seven years ago, Cyber Essentials is a government-backed scheme designed to help organisations put the basics of cyber security in place to defend themselves against the vast majority of attacks, which exploit well known vulnerabilities. It is a requirement for companies working with the public sector.

Offered in two levels, the more advanced Cyber Essentials Plus includes a hands-on technical certification. The programme is delivered through certification body the IASME Consortium.

From 24th January, the new charging structure for a Cyber Essentials assessment will see prices range from £300 to £500 (ex VAT) depending on the company size. It will also introduce a new free tier for small charities and legal organisations called the Funded Cyber Essentials Programme.

To qualify for the free tier, organisations must be classified as a micro or small business (1 to 49 employees) that offers legal-aid services or a micro or small charity that processes personal data, as defined under GDPR.

Such organisations are likely to handle highly sensitive data, for example legal documents or details about the whereabouts of vulnerable people, be the active target of attacks, and at the same time be among the least capable of defending themselves.

NCSC deputy director for economy and society resilience said in a statement: "Charities and legal aid firms do incredible work supporting vulnerable people when they need it most, and that's why it is vital they take steps to protect sensitive data.

"The new Funded Cyber Essentials Programme is a great opportunity for small organisations to gain free assistance with putting key cyber security protections in place. I strongly encourage organisations to register so they can boost their cyber resilience and help reduce the chances of falling victim to a potentially damaging cyber attack."

The costs of the standard Cyber Essentals Programme may not be huge, but Paul Baird, chief technical security officer at Qualys, said offering the certification scheme for free will important for raising awareness of the programme among those that most need assistance.

"These small organisations and charities may never have even heard of Cyber Essentials, so this free support targets the groups that are using all their resources, manpower and money to improve their results. They need help, and making these best practices available for free would help them," he said.