Cyber Essentials is a UK Government-backed scheme that was launched in 2014 with the objective of helping organisations protect themselves against the most common cyber risks and attacks.

The Cyber Essentials framework consists of five basic technical controls that make up the foundation of a good cybersecurity strategy. Having these five controls in place provides organisations with a basic degree of protection against the most common types of cyberattacks.

Some quick facts about Cyber Essentials:

  • The scheme outlines a basic set of measures (hence the term ‘Essentials’) that all organisations should adopt.
  • It does not by any means represent a gold standard of cybersecurity but is a good starting point.
  • The scheme is not mandatory, unless your organisation wishes to bid for specific government contracts, but it is recommended for all organisations.
  • There are two levels of the scheme:
    • Cyber Essentials is the basic level, where organisations self-certify that they meet the standards.
    • Cyber Essentials Plus goes a step further by having an external assessment of the organisation to check its compliance with the standard.

The five basic controls in Cyber Essentials are:

  1. Use a firewall to protect your internet connection (and remember not all firewalls are equal)
  2. Choose secure settings and configuration for your devices and software (don’t rely on manufacturer’s ‘default’ settings, and enforce settings by policy)
  3. Control access to your data and services (limit the use of admin accounts, limit what data people have access to, follow the principle of least privilege)
  4. Protect yourself from malware (using multiple layers of anti-malware and advanced techniques such as whitelisting and sandboxing)
  5. Keep your devices and software up to date

If you do all of the above, you will have met the minimum standard recommended by the scheme. This will help keep your organisation secure, and also demonstrate to your customers, investors, regulators and other stakeholders that you are being responsible and taking steps towards a good cybersecurity posture. Do bear in mind that this is a minimum standard, and we strongly recommend that most organisations implement a strong, multi-layered cyber defence strategy.

To read more, head over to the National Cyber Security Centre’s Cyber Essentials website.

If you’re interested in exploring the scheme or obtaining Cyber Essentials certification, feel free to get in touch with us and we can help you get started quickly and easily.