Cyber Essentials – What is it and why is it important?

George Binns Date published: Nov 07, 23

Cyber Essentials is a government scheme covering basic technical controls that companies use to protect themselves from common online security threats and weaken any vulnerabilities. The scheme can be used by any company regardless of size or sector, to help guard against common cyber-attacks.

Cyber Essentials (CE) is also the name of the basic level of certification which is a self-assessed accreditation. The self-check gives companies peace of mind that their cyber security protocols work as intended, have no vulnerabilities, and thus protects them from most cyber-attacks as the attackers will target those with weak systems.

CE Plus is the next level of certification, this one requires a technical verification conducted by a third party and provides an external guarantee of familiarity with technology and cyber security. The IASME consortium helps with the certification for the CE plus, thus ensuring that the certificate is legitimate, providing the extra level of assurance in the security of the system.

What are the 5 pillar requirements for the Cyber Essentials certifications

Firewalls – must protect every device in scope with a correctly configured security system or a network device with firewall functionality. Access to the interface through said firewalls must then be protected either by Multi Factor Authentication or an IP allow list with a small number of trusted employees.

Secure Configuration – your organization's computers and network devices must be proactively managed. These then must regularly disable unused user accounts, change any default passwords, ensure users are authenticated before they gain access to data and even make sure the device has the proper locking controls.

Security Update Management – must make sure all the software in scope is kept up to date. Meaning all the software on said devices are licensed and supported, removed when it becomes unsupported, and has automatic updates enabled when possible ( ideally within 14 days of update release )

User Access Control – the organization must be in control the user accounts and the access privileges for the organization's data and services. Therefore, there needs to be a process for crate and approve user accounts, implement MFA where available, change or disabling privileges and even authenticate users before giving them access to any form of company data.

Malware Protection --  there must be Malware protection for every device in scope and additionally allow only certain applications to execute on devices. Some tasks malware software needs to be able to perform could be preventing malware running or prevent connections to malicious websites over the internet.

 There is a test your readiness toolkit on the website  -- Cyber Essentials scheme: overview - GOV.UK (www.gov.uk) to check how your company would fare on the Cyber Essentials Inspection.

What are the benefits of having Cybers Essentials certification?

• Cost effective for the SME’s ranging from £300 to £500 dependant on the size, as well as being able to self asses on your own terms. Come with high applicability not just within the UK, some government and high-level contracts may require it. Plus, it allows for listing in the directory of organisations with cyber awareness which can elevate against competitors and bring better attraction for new businesses.

• Ongoing compliance, the certification is reviewed day to day so is always up to date, which is crucial due to evolving cyber threats. The IASME certifications have a 12-month expiry date and within their website there is a search feature of the companies who have the Cyber Essentials accreditation.

Regardless of the level, completing the Cyber Essentials programme reassures customers that you are working on and have a clear picture of the level of security. Shows a public commitment to improving the security of the company as well as giving yourself another wide layer of coverage from potential cyber-attacks.

Find out more about CE and how moving to a SaaS soultion can help you achieve your certification

Visit our SaaS hub