The Essential Cyber Security Scheme for UK Businesses

UK businesses are increasingly under attack from cybercriminals, but many don’t have the necessary security measures in place to protect themselves.

The Cyber Essentials scheme is a government-backed certification that provides businesses with a basic level of protection against cyber-attacks.

Cyber Essentials certification is a must-have for any UK business!

What is the Cyber Essentials scheme?

Cyber Essentials is a government-supported, industry-led initiative that provides an effective framework for ensuring companies have a strong cybersecurity strategy.

The Cyber Essentials initiative will help businesses to have safer internet spaces and to provide more efficient online services to their employees and staff.

Cyber Essentials can protect your information networks against the most basic breaches and can be installed by a certified partner.

The scheme is designed to help businesses reduce their exposure to the most common cyber threats by implementing well-known, basic security practices that will prevent the majority of those threats.

It will also provide them with guidance on how to implement basic security controls.

Cyber Essentials is not a silver bullet, but it does provide a good foundation for cybersecurity.

The certification process is straightforward, comprising a self-assessment questionnaire and/or a technical audit via a Cyber Essentials partner.

Five Cyber Security measures

There are five basic security controls that you need to implement to protect your business from the most common cyber-attacks:

1. Firewalls

Firewalls are essential for protecting your business from cyber-attacks. You should use a firewall to protect your computer and your network from unauthorized access.

2. Antivirus Software

Antivirus software is essential for protecting your business from malware and other malicious software. You should ensure that all of your computers have up-to-date antivirus software installed.

3. Patch Management

Patch management is essential for keeping your software up-to-date. Patching your software regularly helps to close security vulnerabilities that could be exploited by cybercriminals.

4. User Access Control

User access control is essential for preventing unauthorized access to your systems. You should ensure that only authorized users have access to your systems and that they only have the permissions that they need.

5. Data Encryption

Data encryption is essential for protecting your data from unauthorized access. You should ensure that all of your data is encrypted and that only authorized users have access to the encryption keys.

Cyber security measures like these are essential for protecting your business from cyber-attacks.

Cyber Essentials Certification

Cyber Essentials certification is a government-backed certification that demonstrates that your business meets the cyber security standards set by the National Cyber Security Centre (NCSC).

To become certified, you must pass an external assessment of your cyber security controls.

The Cyber Essentials partner will review your systems and give you a report outlining any areas where you need to improve the organisation’s cyber security level.

Once you have addressed any areas of improvement, you can apply for and achieve certification.

Becoming certified under the Cyber Essentials scheme shows that you are committed to protecting your business from phishing attacks, malware attacks, cyber fraud – and anything that can compromise sensitive and personal information.

It also provides customers and clients with reassurance that you take their cybersecurity seriously.

Cyber Essentials is mandatory for businesses looking for specific UK government contracts.

What is the difference between Cyber Essentials and Cyber Essentials Plus certification?

The main difference between the two is that Cyber Essentials is pretty much a self-assessed questionnaire that an assessor asks you a few questions about.

Cyber Essentials Plus goes one step further: it includes an external vulnerability scan, as well as either a remote or onsite vulnerability scan, and an assessor independently verifies different areas of the controls to ensure they match what you have said on the forms.

The Cyber Essentials Plus certification package contains downloadable self-assessment questionnaires and Cyber Essentials branding tools for businesses, including for website and email use, and Cyber Essentials certification valid for 12 months upon successful application.

Organizations can use the Cyber Essentials Plus logo on their website and in their marketing materials to show that they are committed to protecting themselves against cyber-attack.

The benefits of Cyber Essentials certification for businesses are:

  • Improved cyber security
  • A competitive advantage over businesses that are not certified
  • Greater customer confidence
  • Reduced insurance premiums
  • Government contracts pre-qualifier
  • Industry supported scheme

Your organization will benefit from the fact that Cyber Essentials shows that you take security seriously, not to mention that Government tenders and other public services all require Cyber Essentials in order to be considered.

Insurance companies are quickly starting to require Cyber Essentials as part of insurance, or to offer discounted premiums. Major search engines prefer websites that have been certified by a credible cyber security scheme and subjected to a technical audit, vulnerability scan, and assessment process.

Cyber Essentials provides clear guidance, technical controls and protection, setting out a cyber security requirement that enables organisations to protect themselves from cyber-attacks.

Why is Cyber Essentials important for SMEs?

Any organisation can be vulnerable to cyber-attacks. Most cybercriminals, or the “bots” that scour thousands of systems per minute, do not necessarily know how big or small you are.

Suppliers and third parties are also part of the wider ecosystem. The ecosystem is interconnected. Cyber security breaches are felt throughout the supply chain for micro-businesses.

To prevent cyber terrorism and other forms of cyberattack, larger organisations or new businesses have to identify and implement key controls following an on-site assessment.

The Cyber Essentials Certification process

The first step is to take a look at the Cyber Essentials Self Assessment Questionnaire or contact a company that specialises in Cyber Essentials.

Once the assessment has been completed, the Certification Body will provide you with a Cyber Essentials Certificate if you are compliant.

You can then proudly display your Cyber Essentials Certificate on your website and in other marketing materials to show that your business is committed to cyber security.

The Cyber Essentials scheme is a simple but effective way for businesses to protect themselves against the most common cyber-attacks.

If you are not already certified, we strongly recommend that you consider doing so.

It could be the difference between surviving a cyber-attack and becoming another statistic.

Do you need help with your assessment?

Some questions in Cyber Essentials self-assessments are very hard to comprehend if one isn’t technically skilled in computer technology or has a complicated organisation structure.

Here at Just Gilbey Managed IT Solutions we have cybersecurity experts who can help you understand these evaluation questions related to your company and the steps you must take to obtain certification.

As part of our managed solutions, we already put in place procedures and solutions that are Cyber Essentials aligned, and we therefore offer a discount on Cyber Essentials certification, as well as your day-to-day IT Support and Office 365 subscriptions, all included in one monthly price.

Eliminate the threat

Reach out to a certified body for a technical audit or opt for the self-assessment option today!

Regardless of choice, you must have a clear picture of the controls required to safeguard your organisation and eliminate the risk of cyber-attack.

FAQ

What is included in Cyber Essentials?

The Cyber Essentials scheme is a government-backed cyber security certification that provides UK businesses with a basic level of protection against cyber-attacks.

Is Cyber Essentials worth having?

Yes – it demonstrates to your customers that you take cyber security seriously and have taken measures to protect their data.

It can help you win tenders for government contracts, as many government agencies now require contractors to be

What is the difference between ISO 27001 and Cyber Essentials?

ISO 27001 is a comprehensive international standard for information security that helps organizations protect their information and systems. In a nutshell, it is a risk management system.

Cyber Essentials is a government-backed cyber security certification that provides UK businesses with a basic level of protection against cyber-attacks. It is a lot “smaller” than ISO 27001, but the guidelines are non-negotiable.

For example: under ISO 27001, a company may choose not to patch/update its systems within 14 days, instead opting for 30 days and deeming this an acceptable risk.

This same company would fail Cyber Essentials, as the requirement is that all systems must be updated within 14 days for security-related bugs/issues.
