Cyber Essentials

Developed and launched by the UK Government, the Cyber Essentials scheme offers organisations an easy way to prevent the more common cyber threats. Demonstrate your commitment to Cyber Security and implement a basic level of assurance within your organisation.

Demonstrate your commitment to Cyber Security

Cyber Essentials is a Government-backed certification required as the minimum standard for UK Government suppliers or organisations bidding for Government contracts which handle any sensitive or personal information. Compliance also helps you to meet the security requirements of the General Data Protection Regulation (GDPR).

The two levels of certification aim to ensure that organisations of all sizes have the knowledge and understanding to implement fundamental IT Security measures. 

Implementing these measures will help your organisation mitigate risk, keeping your infrastructure and data secure. Holding Cyber Essentials or Cyber Essentials Plus Certification demonstrates that your organisation meets necessary security standards and has implemented appropriate measures to minimise risks.

Basic security controls required for Cyber Essentials certification

Management of software patches & updates

Cyber Essentials certification requires that you keep your devices, software and apps up-to-date – also known as ‘patching’ or ‘patch management’.

Secure connections to the internet

To achieve Cyber Essentials certification, you need to ensure that all your internet-connected devices are protected by a firewall, a virtual boundary that protects your system and devices from incoming threats.

Secure devices & configurations

Secure configuration just means making sure you’ve opted for the best security settings on your devices and software.

Controlled access to devices & data

Effectively managing user privileges helps reduce the risks in the event of a cyber security threat, as it limits an attacker's lateral movement if they successfully breach your network.

Protection from viruses & other malware

You need to prove you are doing what you can to prevent viruses, malware, ransomware, Trojans, worms and malicious code from entering your systems.

Levels of Cyber Essentials certification

Cyber attacks cost companies millions of pounds each year and create long periods of downtime and disruption which can have significant implications for businesses.

The two Cyber Essentials certifications address the basics and show you how to protect against the most common attacks.

Cyber Essentials certification

Recommended for those businesses which need a starting framework for their cyber security, Cyber Essentials involves a self-assessment questionnaire and provides basic level security measures to protect your income, resources, clients and reputation. It is designed for small businesses which need to start with a foundation level of protection. 

What Does Cyber Essentials Certification Involve? 

Cyber Essentials involves a self-assessment questionnaire which is focused on your organisation's policies, procedures and the security measures applied to external-facing servers (website, emails, etc.). Your responses will then be reviewed by our consultants.

Cyber Essentials Plus

The Cyber Essentials Plus certification is regarded much more highly than the standard Cyber Essentials certification, not only because the certification is much more thorough but also because it is mandatory for government contracts.

However, achieving this certification demonstrates to your clients and business partners that you take data protection seriously, have adequate protection for their information as well as your own and have made a conscious effort to increase your cyber defences.

What Does Cyber Essentials Plus Involve?

Like the standard Cyber Essentials certification, Cyber Essentials Plus requires a self-assessment questionnaire, but also involves a Vulnerability Scan which will identify any vulnerabilities which exist in your networks.

Our expertise. Your questions answered

What’s the easiest thing to implement in my office?

There are many controls every organisation should put in place to ensure good defence against cyber threats, from the basics like using anti-virus, email filters and firewalls, to more in-depth activities, like Penetration Testing and Phishing Assessments. One of the basic controls you can implement easily in both your professional and personal lives is good password hygiene. Your password is often the only thing keeping cyber criminals away from your sensitive information. Length is the primary factor when creating a strong password: the longer it is, the more guesses will be needed by hackers to get it right.

Am I investing my Cyber Security budget correctly?

You could take a blanket approach and cover every possibility, but that’s an expensive strategy and your Finance Manager or CFO probably wouldn’t be happy to spend money unnecessarily. Every business faces different threats, so what the organisation in the next office needs to defend against isn’t necessarily what you need to invest in. It’s important to get an understanding of your threat profile and align that with the risks you’re willing to take (or not take). From there, you can decide what you should be investing in.

How do I educate my team to handle cyber threats?

The cyber threat is ever-changing and even with the best technical defences in place, the end-users (i.e. humans) are usually the weakest link. That is not to say that cyber security should only be non-technical, but it is important to have the right balance. Knowing where to start for cyber security generally can be difficult and working out what your team needs to know is a bit overwhelming. Like knowing where to invest your budget, how you train your team also starts with understanding your specific threats.

What do I do when something goes wrong?

Frustratingly, you’ve put in place all these useful security controls, but with the threats changing so often, keeping up can be hard. Therefore, it’s important to have the mindset that it’s not about if you get breached, it’s about when you get breached and then how you handle it. Having a plan in place will ensure the consequences of a breach don’t undo all your hard work in developing your organisation and building your reputation.

Contact us

If you would like further information, want to discuss your requirements, would like a free no-obligation quotation, or just want a friendly chat about how we could help, please fill in the details below and one of our team will get back to you as soon as possible.