Cyber Essentials Certification Checklist: Small Business Guide to Staying Safe

cyber security assessment rationaleFor small businesses in London and around the world, cyber threat is not just a feeling - it's a real risk. A single cyber attack, whether via a sneaky phishing email or a piece of nasty ransomware, can completely derail everything you’ve worked hard to build.

Think of it as your business’s bulletproof vest against the most common online threats. It’s a government-backed scheme designed to help you batten down the hatches and protect your business. But what does it actually involve, and how do you get it? We’re going to walk you through a simple, no-nonsense checklist to help you get certified and keep your business safe.

Why Bother with Cyber Essentials? It's More Than Just a Badge

You might be thinking, "Do I really need another certification?" And we get it. But this isn’t just a fancy logo for your website. It's a genuine investment in the future of your business. Here’s why it’s so important:

It’s Your First Line of Defence:

The Cyber Essentials framework is built around five key controls that can stop around 80% of common cyber attacks. That means less worrying about ransomware, malware, and phishing scams, and more time focusing on what you do best.

Builds Trust with Your Customers:

Data breaches are all over the news, people are extra cautious about who they trust. Displaying the Cyber Essentials badge shows your clients and customers that you take their security seriously. It’s a huge confidence booster and a great way to stand out from the competition.

Opens New Doors for Your Business:

Many larger organisations, especially in the public sector or government, now require their partners to have Cyber Essentials certification. If you want to bid for those bigger contracts and grow your business, this is a must-have.

Could Save You Money:

Insurers are well aware of the cost of a cyber attack. By showing them you have a solid security foundation with your Cyber Essentials certificate, you might be able to snag a better deal on your cyber insurance.

 

Your Simple Cyber Essentials Certification Checklist

The entire scheme is built on five core technical controls. Don't worry, they’re not as complicated as they sound. We've broken them down into an easy-to-follow checklist for you.

  1. Firewalls and Internet Gateways

Picture your firewall as the bouncer for your business’s network. It decides who gets in and who stays out.

Checklist Items:

  • Do you have a firewall on your router?
  • Does every single computer and device have a software firewall enabled? This is crucial for laptops that get used in coffee shops or on public Wi-Fi.
  • Have you changed all the default passwords on your router and other network gear?
  • Are you only letting in what’s absolutely necessary? Make sure your firewall rules are tight.
  1. Secure Configuration

This is all about getting rid of the easy targets. It’s like locking your doors and windows instead of leaving them wide open.

Checklist Items:

  • Have you changed all default passwords and user accounts on your devices?
  • Have you uninstalled any old software or apps you don’t use? Less software means fewer potential weak spots.
  • Do all your computers and phones lock themselves automatically after a few minutes of inactivity?
  • Have you disabled the auto-run feature for USBs to prevent malware from running by mistake?
  • Do your employees have separate, standard user accounts for their daily work, and only use an admin account when they absolutely need to?
  1. User Access Control

This control is about making sure only the right people have access to the right information. No more, no less.

Checklist Items:

  • Does every employee have their own unique username and password? No sharing!
  • Are permissions based on the principle of least privilege? This means giving people access only to the data and systems they need to do their job.
  • Do you have a strong password policy in place? Passwords should be long, unique, and not reused.
  • When an employee leaves, is their access immediately removed?
  • Are you using multi-factor authentication (MFA) for all your critical systems and cloud services (like email)?
  1. Malware Protection

Malware is everywhere, but this control is about having the right tools to stop it in its tracks.

Checklist Items:

  • Is up-to-date anti-malware software installed on all your computers and devices?
  • Is the software set to automatically scan new files as they come in?
  • Does it update its definitions at least once a day?
  • Do you have a policy to stop people from installing unapproved software?
  • Are you using a good email filter to block malicious attachments and known dodgy websites?
  1. Patch Management and Software Updates

Outdated software is a cyber criminal's best friend. This control is all about keeping everything up to date and patched.

Checklist Items:

  • Are all your operating systems (like Windows and macOS) and software still supported by the vendor?
  • Is your software set to automatically update itself whenever possible?
  • Are all critical security patches applied within 14 days of being released?
  • Do you have a plan for software that can't be automatically updated?
  • Are any old, unsupported devices completely disconnected from your network and the internet?

Cyber Essentials vs. Cyber Essentials Plus

There are two levels of certification, and it’s important to know the difference.

  • Cyber Essentials (Self-Assessment): This is the perfect starting point. You fill out an online questionnaire about your IT and security practices, and an accredited body checks your answers. It's affordable and a great way to get started.
  • Cyber Essentials Plus (Technical Audit): This is the more advanced option. It includes everything from the basic level but also involves a hands-on technical audit. A qualified assessor will run tests on your devices to make sure your controls are actually working as they should be.

For most small businesses in London, we suggest starting with the self-assessment. It’s a brilliant way to get your security sorted, and you can always go for the Plus certification later on.

We Can Help You Get It Sorted

Trying to tick all these boxes on your own can feel overwhelming, especially when you’re busy running your business. At Solid Rock IT UK, we specialise in helping small businesses in London get their cyber security in order. We make the Cyber Essentials certification process simple and stress-free.

We can help you with a full gap analysis, identifying any weak spots before you even start the assessment. Then, we’ll help you implement the changes and get everything set up correctly. We’ll be there to guide you through the questionnaire, answering any questions you have and making sure your answers are spot-on.

Cyber Essentials certification isn't a chore; it's a smart business decision that protects your company and helps you grow. Why not take the first step today?

Have IT Support Questions? We can help.

Speak to one of our IT Solutions expert today: 07951878703

GET YOUR QUOTE

pencil

Remote IT Support

Quick online computer services and Apple Mac support for business and homes. Expert computer support help via secure remote IT support London can depend on in the UK and globally.

 

paper

On-Site IT Support

Our IT engineers travel to clients for onsite IT support near me services in London and surrounding areas. We can come to you for Mac repairs and computer support in London.

pencil

Computer Repair

Let us repair your computer and laptop devices and boost productivity. Our computer repair services fix hardware faults and solve software issues.

 

desktop

Mac Support

We can repair your Mac and our IT services covers Apple hardware and software issues, with onsite and remote support available when you need it most.