Cyber Essentials
Get expert guidance completing Cyber Essentials
We provide UK organisations with leadership and guidance completing Cyber Essentials. We make assessment, and implementing your cyber plan, straightforward and stress-free.
Let our Cyber Specialists help
Cyber Essentials helps protect UK organisations against the most common cyber threats.
The UK National Cyber Security Centre (NCSC) designed Cyber Essentials to protect organisations against some of the most common cyber threats. Organisations can certify to Cyber Essentials—a self-assessment questionnaire assessed by approved Certification Bodies.
Our Cyber Security Specialists can help with assessment preparation, managing the certification process through to successful completion, and even implementing the requirements for Cyber Essentials.
Improve your organisation’s cyber security
The goal of Cyber Essentials is to give UK organisations a clear path to improve their cyber security. Implementing the technical controls within the framework ensures organisations have the fundamentals in place, making it easy for businesses to build a solid defence against the most common cyber threats.
Increase your business opportunities
As well as actually improving your cyber risk posture, Cyber Essentials demonstrates this fact to other businesses, consumers and regulators, which can lead to new business opportunities. For instance, in 2014 the UK government made Cyber Essentials mandatory to all organisations wishing to engage in central government contracts.
Ideal for small businesses
Cyber Essentials is suitable for any sized organisation, but is particularly valuable to small to medium sized businesses looking to achieve a base level of cyber security. The framework allows organisations who don’t have the budget, size or need for a certification as comprehensive as ISO 27001 or SOC2 to level up their cyber security and evade the most common cyber attacks.
Levels to fit any organisation
All 5 Cyber Essentials controls are designed to enable multiple ways to achieve the same outcome. This makes the framework accessible to businesses of all sizes. i.e. It allows you to customise your cyber security plan to your business size and technology complexity. A small organisation will likely have a smaller, less complex cyber security plan than a large organisation.
Let us help you uplift your cyber security to align to the Cyber Essentials framework.
The 5 controls of Cyber Essentials... the bases we help you improve:
1. Firewalls
Put controls in place so only necessary network services can be accessed over the internet. We’ll also make sure inbound and outbound traffic is secured and monitored.
2. Secure Configuration
Configure all computers and network devices to reduce vulnerabilities and ensure they are set up to only provide services necessary to the business. It also involves making sure things like inbuilt prepackaged software is removed when no longer needed, ensuring all updates are installed, ensuring there aren’t open ports that may lead to common attacks etc.
3. Security Update Management
Make sure all devices and software are protected from known vulnerabilities. So, installing patches on all operating systems and software packages.
4. User Access Control
Ensure only authorised users have access to the systems within your organisation. So, making sure users are only given access to networks when they’ve been approved. It also involves ensuring users only have access to the information they need to complete their work. For instance, staff who aren’t part of the finance team don’t need access to financial systems, general staff members don’t need access to IT services etc.
5. Malware Protection
Put controls in place to restrict the execution of malware or untrusted software on a network. So, making sure your business has up-to-date antivirus software running on all your machines which does live scanning and blocks the execution of any potentially malicious files. Also, scanning web pages to prevent staff from clicking on potentially malicious website links posted in emails etc.