The accreditation which mitigates 80% of cyber threats

Cyber Essentials Support

Demonstrate that your digital risks are managed

What is Cyber Essentials?

Cyber essentials is a government and industry-backed scheme to help all organisations protect themselves against common cyber-attacks. In collaboration with Information Assurance for Small and Medium Enterprises (IAMSE) and Information Security Forum (ISF) they have set out basic technical controls for organisations to use which is annually assessed.

Once an organisation is fully compliant they receive a certificate to indicate to current and potential stakeholders that they have safety measures in place. Currently, there are two levels of certification which are available being:

  • Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) and an external vulnerability scan. Defends against common attack vectors that target enterprise-level and corporate IT systems.
  • Cyber Essentials Plus is a certification level recommended for businesses to demonstrate a higher level of security assurance. This includes all of the Cyber essential assessments but includes an additional internal scan and an 
    on-site assessment.

Whats included in Cyber essentials

If working correctly, firewalls and gateways provide a basic level of protection for internet users. Monitoring all network traffic, identifying and block traffic which can be harmful. If your firewalls are weak, not updated or are failing to detect harmful websites, it makes your business vulnerable.

Cyber essentials objective is to:

  • Ensure that only safe and necessary network services can be accessed from the Internet.

This refers to the security measures put in place when implementing infrastructure of computers and network devices. You may be vulnerable if you use default passwords user accounts on devices, leave ports open on firewalls or data is not encrypted.

Cyber essentials Objectives are to:

  • Ensuring that systems are configured in the most secure way for the needs of the organisation

Unknowingly or deliberately, employees are an organisations biggest threat in regard to cyber security. You should have a user account management system in place which manages employee privileges.

Cyber essentials objectives are to:

  • Ensuring only those who should have access to systems to have access and at the appropriate level.

Pretty self-explanatory but your business should have anti-malware software installed on all devices connected to the internet. However, you need to ask ‘How do we know our systems are up to date in order to deal with the latest threats?' and 'who is maintaining it?'

Cyber essentials objective is to:

  • Restrict execution of known malware and untrusted software, to prevent harmful code from causing damage or accessing sensitive data.

This refers to how up-to-date the software on your systems are. Using an old operating system such as Windows XP makes you more vulnerable to an attack. A mistake which the NHS had made resulting in their huge hacking incident taken place last year.

Cyber essentials objective is to:

  • Ensure that devices and software are not vulnerable to known security issues for which fixes are available.

You can complete a self-assessment questionnaire to see how your business currently measures up against the five
security controls.



Giving you a competitive advantage over others within your industry, since you can offer unparalleled security and lower risk solutions to your stakeholders.



Take away the fear of cyber attack knowing you have implemented best practices to prevent 80% of attacks.



Be able to bid for UK Government contracts that involve the handling of personal and sensitive information, and increase your chances of securing business within the private sector.



Insurance agencies look favourbly on SME's with Cyber Essentials. As you can prove that measures are in place to optimise security and reduce the chance of a cyber attack.

Why is Cyber Essentials vital to your business?

Cyber Essentials is a great way to demonstrate to stakeholders of all levels that you are dedicated to keeping their data safe. Thus giving you a competitive advantage over other within your industry, since you offer unparalleled security and lower risks.

Having Cyber Essentials also increases your opportunities for gaining government contracts that involve the handling of personal and sensitive data.

By being fully Cyber Essentials compliant mitigates 80% of the risks faced to your business such as malware infections, social engineering attacks and hacking.

How long does it take to be Cyber Essentials certified?

We’ll perform an audit, and based on what we find we’ll provide a roadmap and make recommendations that help you prepare for the Cyber Essentials certification assessment.

Since cyber threats are on-going, we can also provide our managed Cyber Security services to bolster your on-going response to the cybersecurity challenge.