Cyber Essentials

Understand your risk and take action to protect your organisation against cyber attack with Cyber Essentials auditing and certification.

What is Cyber-Essentials?

Cyber Essentials is a set of basic security controls designed by the UK National Cyber Security Centre (NCSC) to make it easier for organisations of all sizes to protect themselves against common online cybersecurity threats.

Cyber Essentials or Cyber Essentials plus certification is now mandatory for organisations in the UK Government supply chain, but also highly beneficial for any organisation as it demonstrates a commitment to, and awareness of, Cyber Security risks.

What are the advantages of Cyber Essentials Certification for my business?

It is a sad reality that operating in business today requires awareness and mitigating actions against cyber security threats.

The Cyber Essentials scheme brings a number of benefits to businesses looking to get certified and work in a cyber aware manner.

In order to pass certification, your business must address the 5 key security controls detailed below.

Cyber Essentials Benefits

Reassure customers that your business takes Cyber Security seriously, working to protect your IT systems and the data it holds from cyber attack
Some Government contracts require Cyber Essentials or Cyber Essentials PLUS certification
Gain a clear picture of your organisation's Cyber Security level and risks
Attract new business by demonstrating you have Cyber Security measures and controls in place
£25,000 of Cyber breach insurance provided upon successful certification (for business turning over less than £20,000,000), or reduced premiums for larger businesses
Demonstrate that you care about and protect your clients data in line with the GDPR legislation

Cyber Essentials - The five key security controls

Secure your devices and software
Confirm that computers and network devices are properly configured in order to reduce the level of inherent vulnerabilities. Change default passwords and user account names, and for privileged accounts enable features such as 2FA (two-factor authentication).
Secure your Internet connection
Confirm that all internet connections used in your business are protected with a firewall, creating a secure gateway between your IT systems and external networks (such as the Internet).
Confirm that only safe and essential network services can be accessed from the Internet and that all devices that connect directly to the internet have a personal firewall installed and correctly configured.
Control access to your data and services
Confirm that user accounts are assigned to authorised individuals and that each user has an individual and identifiable account to access your network and data. User privileges and permissions should be carefully managed in line with the "Principle of least privilege" to minimise damage should an account become compromised.
Keep your devices and software up to date
Confirm that all devices and software are up to date at all times and not vulnerable to known security issues for which fixes are available.
No matter what type of phones, tablets, laptops or computers your organisation uses, it’s important they are kept up to date. This is true for both Operating Systems and installed applications or software.
Protect from viruses and other malware
Restrict the execution of known malware and untrusted software. Virus and Malware protection software should be installed and kept up-to-date.