Cyber Essentials
Baseline Cyber Security for Micro Businesses
As your business grows, so do the threats it faces. Cybercriminals are constantly developing more sophisticated methods to target businesses, making it essential to have robust security measures in place. The Cyber Essentials package from CISO Online™ provides comprehensive security solutions tailored for Startup and small businesses.
Take your cybersecurity to the next level. Contact us to learn more about Cyber Essentials.
Explore our Cyber Essentials Package
to find the right fit for your organisation
Prevention is better than cure. Be proactive, not reactive!
Each package consists of two phases
Your CYBERSECURITY journey
SECURITY Uplift
phase 1
SECURITY Operation
phase 2
Explore our Cyber Essentials Package
to find the right fit for your organisation
By choosing the Cyber Essentials package, you are taking a significant step towards enhancing your business’s cybersecurity. This package provides advanced protection that is both comprehensive and effective, ensuring your business can operate safely and securely as it grows. Get started with Cyber Essentials today!
SECURITY UPLIFT in details
Phase 1
Standard protection of your identity, login details and credentials
Cyber Security starts with protectingyour identity. Protectingyour personal and business identity,preserving privacy, maintaining reputation, complying with Privacy ACT, and avoiding financial and legal consequences associated with identity theft and fraud.
How is this achieved?
- Dedicated Adminaccount and user accounts hardening
- Multi-Factor Authentication (MFA)
- Least privilege
Standard email protection against next-gen threats
Email protection is essential for defending against phishing attacks, malware threats, BusinessEmail Compromise (BEC) scams, maintaining business continuity, and preserving reputation andtrust in today’s digital environment.
How is this achieved?
- Standard Email protection and Exchange online protection as a cloud-based email filtering service that helps protect you against spam and malware
Standard computer& laptop protection against viruses, malware and ransomware
Protecting computers and laptops is essentialfor protecting data, defending against viruses & malware threats,ensuring business continuityin both personal and organisational contexts.
How is this achieved?
- Windows Security, providingAntivirus protection, continually update and scans for malware and viruses.
- Identify new malware and blocks it within seconds, offeringrapid protection against emergingthreats
Supervised company-issued devices(PC and Laptops)
Device protection such as laptops,smartphones and tablets is essential for safeguarding Apps and protection for company data on any device preserving privacy, preventing identity theft, enabling remote device management.
How is this achieved?
- Remotely wipe lost or stolen devices(PC and Laptops)
- Supervise and manage M365 apps (Outlook,Teams, OneDrive) on any devices
Standard vulnerability remediation
Vulnerability remediation is a criticalprocess, involving the identification and resolution of security vulnerabilities within your M365 environment. This includes addressing weaknesses that could be exploited by cyber threats in software, systems, or cloud. The goal is to patch, block, or fix vulnerabilities to preventpotential data breachesor system disruptions.
How is this achieved?
- Identify, assess, remediate, and track all your biggestvulnerabilities across your most critical M365 assets, all in a single solution.
Standard log collection
Regular advance log collection is required to detect and mitigate security incidents, enhancingoverall cybersecurity resilience.
How is this achieved?
- M365 unified log collection and centeralised management of audit logs, which includes collecting and processing logs from various sources.
Security Awareness Training
Human error is how most organisations get compromised and hackers are always lookingfor new ways to exploit vulnerabilities and this include humans! To keep your employees educatedon the latest tactics we offer one (1) year of a computer-based cybersecurity awareness training (incl. licenses)
How is this achieved?
- Baseline securityawareness training
- Ongoing monthly videos followed by a quiz to test the users understanding
- Reminders of key lessons learnt from the animated video in the form of an infographic and poster
SECURITY opertion in details
Phase 2
Ongoing vulnerability remediation and monthlyresponse to security events (threathunting) - Standard
Ongoingreactive response to security events in monthlybasis is a critical process,involving the identification and resolution of security vulnerabilities within your M365 environment.
How is this achieved?
- Identify, assess, remediate, and track all your biggest vulnerabilitiesacross your most critical M365 assets, all in a single solution - Standard.
- Monthly reactive response and report to security events
Ongoing Secure Score monitoring and improvement
Ongoing operation leveraging M365 portal capabilities to maintain and improve your secure score.In addition, a monthly Ongoing Security Report is essential for continuous monitoring of emerging threats, proactive risk management, and ensuring regulatory compliance.
How is this achieved?
- Ongoing Secure Score monitoring and improvement with adaptive
- Monthly security report Leveraging M365 portal capabilities to maintain and improveyour security posture.
Ongoing log collection and standard monthlysecurity reports
Ongoing log collection and providing monthly advanced securityreports is requiredto detect and mitigate securityincidents, enhancing overallcybersecurity resilience.
How is this achieved?
- M365 unified log collection and centeralised management of audit logs, which includes collecting and processing logs from various sources.(30 to 90 days)
CISO aS a advisory and ongoing review of the policies -Monthly
Cyber security policies defined in your M365 environment are safeguarding your data and systems from cyber threats. They provide a strategic framework for protecting sensitive information,
ensuring operational continuity, maintaining trust, and complying with legal standards. Updating M365 policies is critical for your securityposture and overall success.
How is this achieved?
- Ongoing review of M365 policies by leveraging our CISO as a Service(CISOaaS) capabilities and experience - Quarterly
Ongoing support for provisioning new users/licenses and updating user credentials
Cyber Security starts with protecting your identity. Ongoing protection of your businessidentity by provisioning new users/licenses and updating user credentials
How is this achieved?
- Ongoing Multi-Factor Authentication (MFA) support
- Updating Conditional Access Policies
- New users and licenses provisioning
Fine-tuning standard email protection policies
Fine-tuning standard email protection policies against the latest threat tactics such as phishing attacks, malware threats, Business Email Compromise (BEC) scams is crucial for maintaining business continuity, and preserving reputation and trust in today’s digital environment.
How is this achieved?
- Updating and fine-tuning standard Email protection policies
Fine-tuning policiesfor M365 Apps protection on Mobile Devices(iOS,Android)
Updating M365 Apps protection policiesfor new devices such as laptops, smartphones and tablets is essential for safeguarding Apps and protection for company data on any device.
How is this achieved?
- Remotely wipe lost or stolen devices(PC and Laptops)
- Fine-tuning policies, supervise and manageM365 apps (Outlook,Teams, OneDrive) on any devices
Updating Security Awareness training plans
Human error is how most organisations get compromised and hackers are always lookingfor new ways to exploit vulnerabilities and this includehumans! Updating SecurityAwareness training
plans are requiredto keep your employees educatedon the latest tactics.
How is this achieved?
- Ongoing Security Awareness training plans
ITS NOT A MATTER IF YOU FACE A CYBER ATTACK, IT'S WHEN!
In today’s digital landscape, Technology plays a critical role in nearly every aspect of your business, offering simple ways to collaborate with your team and engage with customers and drive revenue. This ease of collaboration also increases the risk of cyberattacks. With the recent surge in remote work, the potential for both internal and external security breaches have significantly escalated, heightening the overall risk to your business.
CYBERSECURITY IS CRUCIAL FOR EVERY SIZE AND INDUSTRY!
Recognising the budget constraints faced by SMBs, our partnership with Microsoft as a Cloud Solution Provider (CSP), enables us to offer advanced and scalable cloud-based cyber security solutions and ongoing operations, so SMBs can focus on their core business rather than cyber security challenges.
We have designed Cyber Essentials package tailored to meet the unique needs of micros and small businesses. Our scalable solutions are crafted to fortify your digital environment, enhance your cybersecurity posture and behaviour, and establish a secure collaboration space, allowing you to focus on what you do best.
BE CYBER SMART, NOT
CYBER SORRY!
Secure Score is a measurement of your organisation’s security posture within your digital working environment. It is available for free in your Microsoft 365 tenancy under Microsoft Secure Score. Secure Score acts as a free penetration testing and vulnerability assessment tool, helping your organisation understand the safety of your collaboration environment. It provides an overview of your current risk level while working in a digital environment.
IMprove your Microsoft 365 secure score
- Extreme Risk: 30%
- High Risk: 30% to 50%
- Moderately High Risk: 50% to 69%
- Medium Risk: 65% to 80%
- Low Risk: 80 to 90%
- Very Low Risk: 90%
our cerfitcates
Our cybersecurity team is made up of highly skilled professionals, all certified by leading companies like Microsoft, CISCO, F5, Juniper, and IQS. They stay up to date with the latest industry standards and technologies to ensure your business is protected against the ever-evolving threats in the digital world. With our team on your side, you can trust that your cybersecurity is in expert hands.
our trusted partners
FAQ
ABOUT ‘’Cyber Essentials’’
ciso online’s EXPERT ANSWERS
Why choose our SMB packages?
Understanding the unique cybersecurity needs and budget constraints of SMBs, we offer tailored packages that provide a solid baseline of protection. These packages are designed to ensure you receive the right coverage to safeguard your business while collaborating in a digital environment.
Our packages offer exceptional value for your money. We begin with a free security assessment, eliminating the need for costly penetration testing. Our pre-designed solutions further reduce expenses by removing the need for custom solution design, and our clearly defined deliverables ensure a cost-effective implementation.
Who are our Strategic partners delivering these packages?
Our strategic partnerships with ACSC (Australian Cyber Security Centre), Microsoft, KnowBe4, and NINJIO enable us to deliver comprehensive cybersecurity packages tailored to the needs of SMBs.
As a proud partner of the ACSC, we are trusted and supported by the Australian Government to help uplift the nation’s cybersecurity posture. Through this partnership, we contribute to Australia’s cyber defense and share our expertise, experience, skills, and capabilities with other security professionals. Our collective goal is to make Australian cyberspace secure for all users.
Our partnership with Microsoft as a Cloud Solution Provider (CSP) enables us to offer advanced and scalable cloud-based cybersecurity packages backed by the latest technologies and processes from Microsoft Cloud.
We also understand that cybersecurity is about more than just technology and processes; it’s about people. With over 85% of organisational breaches occurring due to human error, security awareness training is more crucial than ever. In collaboration with industry leaders KnowBe4 and NINJIO, we help protect your digital life by empowering you with the knowledge to establish a human firewall.
Who are our team delivering these packages?
Each package is delivered by a dedicated team of four professionals:
Principal Security Consultant: Provides strategic oversight and ensures that the security measures align with your business objectives.
Senior Security Consultant: Brings in-depth expertise and leads the technical implementation of advanced security solutions.
Security Engineer: Handles the technical execution, ensuring that all security features and configurations are effectively deployed and maintained.
Project Manager: Manages the project timeline, coordinates the team’s efforts, and ensures smooth communication with your organization.
Our team members are highly educated, hold the latest industry certifications, and bring extensive experience from working with large and high-end enterprises, applying this knowledge to benefit SMBs.
What are the phases in Cyber Essentials?
Each package consists of two phases:
CISO Uplift: This initial phase focuses on enhancing your cybersecurity posture and raising awareness within your organisation. It is a one-time implementation effort.
CISO Operation: Following the uplift, this phase centres on ongoing cybersecurity operations and defence. The goal is to maintain a secure environment and continuously address your evolving security needs. This phase is optional if you have an in-house team capable of managing these operations.
How long does each phase take for Cyber Essentials?
CISO Uplift: The uplift phase typically takes about 2 months to complete.
CISO Operation: The operation phase requires a recurring monthly investment and continues for as long as you need ongoing cybersecurity support.
What size businesses do we recommend Cyber Essentials for?
What Industries Do We Recommend Our Packages For?
What Is the Cyber Essentials Package Focused on Protecting?
The Cyber Essentials package is focused on essential cybersecurity measures, including:
Standard Identity Protection: Cybersecurity begins with safeguarding your identity. Your login details and passwords (credentials) are your digital identity and must be properly protected.
Standard Email Protection: Emails are a primary channel for communication and are often targeted in Business Email Compromise attacks. This package ensures your email system is secure.
Standard Device Protection: This includes the protection of your desktop computers, laptops, smartphones, and tablets—key tools for collaborating in digital environments.
Standard Vulnerability Remediation: As the digital landscape evolves, new vulnerabilities emerge. This package addresses the need to identify and mitigate these vulnerabilities regularly.
Standard Security Awareness Training: With over 85% of organisational breaches occurring due to human error, security awareness training is crucial. This package provides essential training to help prevent such breaches.
Can I upgrade from one package to another?
What is included in the security awareness training?
What is the recommended computer for these packages?
What types of reports are included in the security log reports?
Can these packages help with compliance requirements?
Why is it important to protect Office 365 apps on mobile devices?
What mobile devices are supported for managing Office 365 apps?
Can I remotely wipe data from a lost or stolen device?
What happens if an employee leaves the company?
When an employee leaves the company, you can remotely wipe their device or revoke access to Office 365 apps to ensure they no longer have access to company data.
