Cyber Essentials - What you need to know

940x529 4

What is Cyber Essentials?

Cyber Essentials (CE) is a government-backed cyber security certification scheme that was introduced in 2014 by the National Cyber Security Centre (NCSC). In January 2023, a further update of the scheme was announced to ensure continual relevance as the cyber threat landscape evolves.

It’s an accredited programme designed to mitigate over 80% of threats. Certified companies enjoy peace of mind and are able prove to customers that their operations are trustworthy and secure.

The NCSC (part of GCHQ) introduced the Cyber Essentials scheme to make the UK and Crown Dependencies highly secure locations for digital business through affordable cyber protection. IASME is the designated certification partner, and the process focuses on five technical controls that guard against the most common types of cyber threat.

Do I need ANOTHER certification?

When looking for a potential supplier, diligent decision makers investigate the credentials of prospective organisations, and certification to Cyber Essentials is fast becoming a minimum requirement - indeed many public sector bodies will only deal with companies that are CE accredited. At a time when cybercrime is at epidemic proportions, we all prefer to deal with companies that take security seriously.

Cyber Essentials Basic: is the base level online process that’s checked by experts at IASME to determine alignment with the standard. It provides certified protection against a wide variety of cyber threats, and reduces the risk of a damaging cyber-attack.

Cyber Essentials Plus: provides the same approach and protection with an additional hands-on technical verification that involves an in-depth vulnerability scan and analysis of the organisation’s systems by a qualified assessor, who then personally verifies the business is compliant.


The Essential 5 Controls

The CE process covers 5 technical control areas that mitigate the majority of cyber-attacks:

Update Management

Ensuring systems and software are up to date and secure, preventing cyber criminals using vulnerabilities in your software to get into your systems.

User Access

Controlling use of data and services based on levels of access. Ensuring employees only have access to the data they need by creating accounts with different levels of access and privilege, limiting the risk of accidental and malicious damage.

Firewalls & Internet Gateways

Secure, active, and effective firewalls must be in place to create a security filter between the internet and the organisation’s network / devices.

Secure Configuration

Settings and systems should be configured correctly, with secure device set-ups to minimise vulnerabilities and risk of exploitation by cyber-criminals.

Malware Protection

Systems must have adequate protection against malware and viruses, identifying and immobilising viruses and other malicious software before it has a chance to cause harm.

Cyber Essentials certification enables organisations to:  

  • Reassure customers that systems are protected against attacks from cyber-space.
  • Attract new business with assurances that cyber security measures are in place.
  • Provide clear evidence of the organisation’s cyber security protection level.
  • Widen sales opportunities as customers increasingly require CE certification.


Simplifying the Red Tape process

Working with a security partner to guide you through the process at every step of the way is a recommended course of action for organisations needing speedy, and assured certification.

Many small and medium sized businesses struggle with the accreditation detail required and some questions can be difficult to understand without detailed technical knowledge of the systems. Remedial action may be required to gain certification, and support from experts also serves as a security audit for on-going protection and assurance.

Platform for on-going security

CE certification is a tried and tested ‘building block’ process for the on-going war against ever more sophisticated cybercrime. Having a level of protection that meets certified Government guidelines provides peace of mind and proof that you’re doing everything required to protect your systems and data - demonstrating to customers that you take security seriously.

We can help you gain a Cyber Essentials certification. 

Register for a Cyber Essentials consultation. 


Register here

Related articles

Dom Article v2

Welcome Dominic Barnes: New Sales Account Director in Jersey

We spoke to new Sales Account Director in Jersey and heard about his plans at Sure Business

Calum QA article v2

A Career in Tech: Callum Gill on his route to Sure Business

Hear from Callum about his career so far, and why keeping up with the latest technology is vital to his dynamic role.


Decoding the Future: Unravel the legal and ethical tapestry of AI

We spoke to one of our professional services consultants, Malcolm Mason and asked for his insight and guidance on the transformative power of AI.