Becoming Cyber Essentials certified

Cyber crime is unfortunately now commonplace with 46% of UK businesses and charities reporting a cyber-attack during 2020. Cyber Essentials is a UK Government scheme that has been designed to help businesses protect themselves against cyber crime.


Responding to this ongoing threat is high priority for all businesses, large or small, as there can be significant monetary and reputational costs at stake for those who suffer attacks or data breaches. Being able to demonstrate your company’s cyber security is also of top priority when working with third parties.


How can Cyber Essentials help?


Cyber Essentials helps ensure businesses adopt the data security practices recommended by the National Cyber Security Centre (NCSC). The NCSC standards make it easier for companies to protect themselves against common cyber threats by assessing their data protection and security standards. Becoming Cyber Essentials certified enables you to demonstrate to employees, customers, and third parties your commitment to cyber security.


Keep reading for a checklist of the basic measures you need to have in place in order to gain Cyber Essentials certification:



1. Create an Information Security policy

Create a company-wide information security policy that is appropriate to the industry your business operates in. Establish rules and protocols that the organisation should follow. To meet Cyber Essentials standards it should include:


  • How you handle and process the personal data of customers, employees and any third parties

  • Guidelines for employees to follow to keep themselves and company systems secure

  • A password policy that stipulates the requirements for passwords (length, special characters, etc.)

2. Keep all company devices and software up to date

Don’t be tempted by the ‘Remind me later’ button. Many data breaches occur due to out-of-date software or hardware leaving users vulnerable to attack.


Keeping software and hardware up-to-date within a company is a simple yet vital step that every organisation should take. Users should at the very least be reminded to update their software, or it can be enforced through IT, for example, by ensuring software is set to update automatically.


3. Secure your internet connection with a firewall

Firewalls provide protection between your systems and external ones by filtering out anything that may be deemed to cause harm. They create a “buffer” where incoming traffic is analysed before being let into your network, keeping you safe. The Cyber Essentials scheme requires that all devices connected to the internet be protected with a firewall, so it’s a must-have if you want to meet the requirements.


4. Set up appropriate access control

Only give users access to what they need based on their role within the business. Users shouldn’t be sharing accounts, and former employee accounts should be made inaccessible. By following an agreed process, you can more easily limit the number of employees with access to sensitive data. This reduces the risk of a data breach significantly.


If a cyber criminal gains access to a user account, the consequences could be much worse if the user happens to have administrative account privileges. Limiting the number of admin accounts should be a top priority for IT departments.


5. Secure devices and software through settings

Applying the most secure settings to hardware and software will increase your level of security. However, many IT teams set up systems by enabling default settings which are usually not the most secure. Whilst it may be more time consuming to configure applications and services, it can present security risks if you do not.


Here are some best practice measures for secure configuration:

  • Change the default password for both user and administrator accounts and use a strong password

  • Remove or disable applications or services that are not being used

  • Do not allow users to set their passwords to easily guessable words or sequences, and create a password policy to help guide them

  • Limit the number of unsuccessful user login attempts

Cyber Essentials accreditation is important for any company looking to improve their cyber security posture. By implementing the five key controls outlined in this article, you’ll reduce your risk of cyber attack and be well on your way to achieving accreditation.


If you’d like some help taking the initial steps to certification, we can help. Complete our FREE Cyber Essentials Pre-Assessment questionnaire to receive a report on your current cyber security posture and identify any further actions you need to take to become Cyber Essentials certified.


Find out more about how Crossword can help your company reduce cyber security risk.