For small businesses in London and around the world, cyber threat is not just a feeling - it's a real risk. A single cyber attack, whether via a sneaky phishing email or a piece of nasty ransomware, can completely derail everything you’ve worked hard to build.
Think of it as your business’s bulletproof vest against the most common online threats. It’s a government-backed scheme designed to help you batten down the hatches and protect your business. But what does it actually involve, and how do you get it? We’re going to walk you through a simple, no-nonsense checklist to help you get certified and keep your business safe.
Why Bother with Cyber Essentials? It's More Than Just a Badge
You might be thinking, "Do I really need another certification?" And we get it. But this isn’t just a fancy logo for your website. It's a genuine investment in the future of your business. Here’s why it’s so important:
It’s Your First Line of Defence:
The Cyber Essentials framework is built around five key controls that can stop around 80% of common cyber attacks. That means less worrying about ransomware, malware, and phishing scams, and more time focusing on what you do best.
Builds Trust with Your Customers:
Data breaches are all over the news, people are extra cautious about who they trust. Displaying the Cyber Essentials badge shows your clients and customers that you take their security seriously. It’s a huge confidence booster and a great way to stand out from the competition.
Opens New Doors for Your Business:
Many larger organisations, especially in the public sector or government, now require their partners to have Cyber Essentials certification. If you want to bid for those bigger contracts and grow your business, this is a must-have.
Could Save You Money:
Insurers are well aware of the cost of a cyber attack. By showing them you have a solid security foundation with your Cyber Essentials certificate, you might be able to snag a better deal on your cyber insurance.
Your Simple Cyber Essentials Certification Checklist
The entire scheme is built on five core technical controls. Don't worry, they’re not as complicated as they sound. We've broken them down into an easy-to-follow checklist for you.
- Firewalls and Internet Gateways
Picture your firewall as the bouncer for your business’s network. It decides who gets in and who stays out.
Checklist Items:
- Do you have a firewall on your router?
- Does every single computer and device have a software firewall enabled? This is crucial for laptops that get used in coffee shops or on public Wi-Fi.
- Have you changed all the default passwords on your router and other network gear?
- Are you only letting in what’s absolutely necessary? Make sure your firewall rules are tight.
- Secure Configuration
This is all about getting rid of the easy targets. It’s like locking your doors and windows instead of leaving them wide open.
Checklist Items:
- Have you changed all default passwords and user accounts on your devices?
- Have you uninstalled any old software or apps you don’t use? Less software means fewer potential weak spots.
- Do all your computers and phones lock themselves automatically after a few minutes of inactivity?
- Have you disabled the auto-run feature for USBs to prevent malware from running by mistake?
- Do your employees have separate, standard user accounts for their daily work, and only use an admin account when they absolutely need to?
- User Access Control
This control is about making sure only the right people have access to the right information. No more, no less.
Checklist Items:
- Does every employee have their own unique username and password? No sharing!
- Are permissions based on the principle of least privilege? This means giving people access only to the data and systems they need to do their job.
- Do you have a strong password policy in place? Passwords should be long, unique, and not reused.
- When an employee leaves, is their access immediately removed?
- Are you using multi-factor authentication (MFA) for all your critical systems and cloud services (like email)?
- Malware Protection
Malware is everywhere, but this control is about having the right tools to stop it in its tracks.
Checklist Items:
- Is up-to-date anti-malware software installed on all your computers and devices?
- Is the software set to automatically scan new files as they come in?
- Does it update its definitions at least once a day?
- Do you have a policy to stop people from installing unapproved software?
- Are you using a good email filter to block malicious attachments and known dodgy websites?
- Patch Management and Software Updates
Outdated software is a cyber criminal's best friend. This control is all about keeping everything up to date and patched.
Checklist Items:
- Are all your operating systems (like Windows and macOS) and software still supported by the vendor?
- Is your software set to automatically update itself whenever possible?
- Are all critical security patches applied within 14 days of being released?
- Do you have a plan for software that can't be automatically updated?
- Are any old, unsupported devices completely disconnected from your network and the internet?
Cyber Essentials vs. Cyber Essentials Plus
There are two levels of certification, and it’s important to know the difference.
- Cyber Essentials (Self-Assessment): This is the perfect starting point. You fill out an online questionnaire about your IT and security practices, and an accredited body checks your answers. It's affordable and a great way to get started.
- Cyber Essentials Plus (Technical Audit): This is the more advanced option. It includes everything from the basic level but also involves a hands-on technical audit. A qualified assessor will run tests on your devices to make sure your controls are actually working as they should be.
For most small businesses in London, we suggest starting with the self-assessment. It’s a brilliant way to get your security sorted, and you can always go for the Plus certification later on.
We Can Help You Get It Sorted
Trying to tick all these boxes on your own can feel overwhelming, especially when you’re busy running your business. At Solid Rock IT UK, we specialise in helping small businesses in London get their cyber security in order. We make the Cyber Essentials certification process simple and stress-free.
We can help you with a full gap analysis, identifying any weak spots before you even start the assessment. Then, we’ll help you implement the changes and get everything set up correctly. We’ll be there to guide you through the questionnaire, answering any questions you have and making sure your answers are spot-on.
Cyber Essentials certification isn't a chore; it's a smart business decision that protects your company and helps you grow. Why not take the first step today?