What is Cyber Essentials?
Cyber Essentials is a UK Government scheme and certification that helps organisations implement cyber security controls, prove them to their clients, and deter hackers.
Created to ensure a national standard of information security for processing, managing and sharing personal data, it provides clear information security standards and has helped block 80% of online threats.
What’s the point?
A Cyber Essentials certificate is necessary to get certain UK Government contracts, especially any that relate to the Ministry of Defence, which requires a Cyber Essentials Plus certification.
If you’re a UK organisation with an annual turnover of under £20m, you also qualify for free cyber insurance!
How does it work?
There are five key controls that Cyber Essentials evaluates: firewalls, secure configuration, user access control, malware protection and patch management.
Firewalls are available for both Windows and Apple devices (though you have to manually activate them on Apple), and they help prevent unauthorised access to or from your internal network. Either software or boundary firewalls can be used, depending on the device, but every device must be protected by a correctly configured firewall.
Secure configuration ensures that devices are as up-to-date as possible, as they are not secure out of the box. Devices ship with default passwords and inactive applications, so they require configuration to make them more secure, which helps reduce their inherent vulnerabilities.
User access control ensures that only authorised users can access the organisation’s devices, networks, or accounts, rather than everyone having access to all information. Administrative accounts require more stringent protection, and the procedure to gain access to an administrative account must be clearly documented and followed.
Malware protection is similar to firewalls, in that it protects your devices from harmful material being downloaded or accessed from internal networks. All anti-malware or protection software must be installed and kept up-to-date.
Security update or patch management works with all of the above, ensuring that all devices and software are kept up-to-date to protect against known threats. The cyber security industry is constantly in motion: vulnerabilities are often discovered in devices or software, which are then updated to fix those flaws. Your organisation must use the most recent version to ensure protection against known vulnerabilities.
How to protect your organisation?
Cyber Essentials is a self-assessment that provides protection against most cyber attacks! It’s an easy base level of information security. Cyber Essentials Plus is an independent technical verification of your systems to ensure appropriate levels of information security.
For more information on the Cyber Essentials self-assessment, you can take a look at the self-assessment form for free here:
For help to reach the requirements of Cyber Essentials or to get advice on achieving the Cyber Essentials Plus certification, Bivika is here to help. Feel free to get in touch via info@bivika.com now!