Cyber Security Essentials Requirements to Get Accredited

28 October 2024

Cyber security isn’t optional for businesses today – it’s a necessity. Unfortunately, many small and medium-sized enterprises (SMEs) are not adequately secure. This poses a major issue, as the data shows that SMEs are the organisations most targeted by cybercriminals.

But where do you start so you can understand whether the protective security measures you have in place are sufficient?

Getting Cyber Essentials certified can be a good place to start, especially as more commercial and government contracts are now expecting it as a baseline level of cyber security. In fact, 13% of businesses obtained Cyber Essentials specifically for government contracts, with another 13% requiring it for commercial contracts.

Cyber Essentials is a UK government-backed self-assessment scheme that can guide many organisations, including SMEs, towards a cost-effective way to implement basic cyber defences.

This blog will outline why Cyber Essentials is valuable and why your business should consider it as a starting point in your cybersecurity journey. We’ll cover the Cyber Essentials requirements and how your business can implement them.

What is Cyber Essentials?

    Cyber Essentials is a UK government-backed scheme that provides a framework for businesses to put good cyber hygiene practices in place, so that organisations can protect themselves against the most common cyber attacks.

    Think of it as a digital health check-up for your business.

    It’s important to note that Cyber Essentials accreditation only lasts 12 months from the date of issue. This means that achieving Cyber Essentials certification is not a one-and-done process, and the security protocols need to be kept in place for successful renewal each year.

    There are two tiers to a Cyber Essentials certification process:

    1. Cyber Essentials (Basic Level)

    A self-assessment option that protects against common cyber attacks.

    Why is it important?

    • Defends against basic attacks
    • Prevents you from being an easy target
    • Gives peace of mind against most common cyber threats

    2. Cyber Essentials Plus (Advanced Level)

    An enhanced version of Cyber Essentials with a hands-on technical audit.

    Key differences:

    • Same protections as Cyber Essentials
    • Includes a technical audit carried out by a Cyber Essentials expert

    To put it simply, the basic level (Cyber Essentials) is like having a lock on your door, while the advanced level (Cyber Essentials Plus) is like having that lock checked by a professional locksmith to ensure it’s properly installed and working correctly.

    What are the Cyber Essentials Requirements?

    Cyber Essentials infrastructure requirements focus on five controls:

    1. Firewall – Using a firewall to secure your internet connection.
    2. Secure Configuration – Choosing the most secure settings for your devices and software.
    3. User Access Controls – Control user permissions and who has access to your data and services.
    4. Malware Protection – Protect yourself and your business from viruses and other malware.
    5. Security Update Management – Keep your devices and software up to date.

    Let’s break down these Cyber Essentials requirements.

    Firewalls

    A firewall acts as a digital security guard for your devices and networks. It controls what information can come in and go out, helping to protect against common cyber attacks. Imagine your computer or network as a house. A firewall is like having a smart door that only lets in invited guests and keeps out strangers.

    Firewalls can be used on many things:

    • The edge of your network (called a boundary firewall)
    • Personal devices like computers and laptops
    • Servers and routers
    • Cloud services

    To meet Cyber Essentials certification requirements, you need to:

    • Set up network firewalls correctly with appropriate restrictions
    • Only allow authorised personnel to access firewall controls

    Secure Configuration

    Secure configuration is about setting up computers and network devices safely. Many devices come with default settings that can be weak points for attackers. The goal is to reduce vulnerabilities on each user’s device and only keep necessary services running. This is a crucial part of the Cyber Essentials infrastructure requirements.

    The default configurations that are considered weak points include easy-to-guess default passwords that aren’t changed by the user or preinstalled apps that aren’t needed and may pose an exposure risk to cyber attacks.

    To meet Cyber Essentials certification requirements, you need to:

    • Remove or disable unnecessary user accounts, software, and services
    • Change default or easy-to-guess passwords
    • Turn off features that automatically run files without user permission
    • Set up strong security measures such as multifactor authentication (MFA)

    User Access Controls

    User access control is about managing who can access certain types of company data. It’s like having different keys for different rooms in a building.

    You want to have technical controls to make sure only authorised people can enter specific areas of stored data.

    To meet Cyber Essentials certification requirements, you need to:

    • Have appropriate administrative accounts
    • Have a process for creating and approving user accounts with each user having unique login credentials
    • Remove or disable accounts when no longer needed
    • Use multi-factor authentication (MFA), especially for cloud services
    • Use separate accounts for administrative activities
    • Implement password best practices:
      1. Educate users about choosing strong, unique passwords
      2. Encourage use of password managers
      3. Don’t force regular password changes
      4. Don’t enforce complex password rules
      5. Enforce good password quality (use MFA, require at least 12 characters, or require at least 8 characters and block common passwords)

    Malware Protection

    Malware is harmful software designed to damage or gain unauthorised access to your systems. It includes viruses and ransomware. Without sufficient protection, you risk system malfunctions, data loss, and the spread of malware to other devices.

    Malware can reach your device when you click on an email attachment from an attacker, download an infected app, visit a malicious website by accident (or after being tricked into it), or download it directly onto your device.

    To meet Cyber Essentials certification requirements, you need to:

    • Have at least one active malware protection mechanism on all company devices
    • Ensure protection software can block connections to harmful websites
    • Keep protection software up-to-date
    • Configure software according to vendor instructions

    Security Update Management

    Keeping your software and devices up-to-date is crucial for protecting against known security issues and the most common cyber attacks. It’s like maintaining your home’s security system – it needs regular attention to keep you safe. This is another key aspect of the Cyber Essentials infrastructure requirements.

    Devices will include desktops, laptops, phones, tablets, networks, approved applications, and cloud services.

    To meet Cyber Essentials certification requirements, you need to:

    • Use licensed and supported software
    • Enable automatic updates where possible
    • Apply critical or high-risk updates within 14 days
    • Handle combined updates carefully (if any part of the update is critical, treat the whole update as critical)
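
    The 14-day rule and the combined-update rule above can be checked against a patch inventory. The following is an added example, not part of the original post or of any Cyber Essentials tooling; the `Update` record, the sample inventory, counting the 14 days from the vendor release date, and applying the combined-update rule to high-risk as well as critical fixes are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

PATCH_WINDOW_DAYS = 14          # window the page gives for critical/high-risk updates
URGENT = ("critical", "high")   # most severe first


@dataclass
class Update:                    # hypothetical inventory record
    name: str
    released: date               # assumption: the clock starts at vendor release
    fix_severities: List[str]    # one entry per fix bundled into the update
    installed: Optional[date] = None   # None means not applied yet


def effective_severity(update: Update) -> str:
    """Combined-update rule: the most severe bundled fix rates the whole update."""
    present = {s.lower() for s in update.fix_severities}
    for level in URGENT:
        if level in present:
            return level
    return "other"


def audit(updates: List[Update], today: date) -> list:
    """Return (name, severity, status, days) for every urgent update that was
    applied, or is still waiting, more than PATCH_WINDOW_DAYS after release."""
    findings = []
    for u in updates:
        severity = effective_severity(u)
        if severity == "other":
            continue
        days = ((u.installed or today) - u.released).days
        if days > PATCH_WINDOW_DAYS:
            status = "applied late" if u.installed else "overdue"
            findings.append((u.name, severity, status, days))
    return findings


# Constructed sample inventory (not real product data).
SAMPLE = [
    Update("browser-suite", date(2024, 10, 1), ["low", "critical"]),
    Update("os-cumulative", date(2024, 10, 10), ["high"], date(2024, 10, 20)),
    Update("pdf-reader", date(2024, 9, 1), ["low"]),
    Update("vpn-client", date(2024, 9, 20), ["medium", "High"], date(2024, 10, 15)),
    Update("mail-client", date(2024, 10, 14), ["critical"]),  # exactly 14 days old
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, today=date(2024, 10, 28)):
        print(finding)
```

    Updates that were installed late are reported as well as those still outstanding, since both show the update process missing the window.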

    Cyber Essentials or Cyber Essentials Plus:

    While Cyber Essentials provides a solid foundation for cyber security, small businesses should seriously consider opting for Cyber Essentials Plus. This advanced certification offers a better defence against cyber threats. With Cyber Essentials Plus, you’re not just ticking boxes; you’re getting an independent verification of your security measures through a hands-on technical assessment.

    This thorough evaluation can uncover vulnerabilities and security controls that might be missed in a self-assessment questionnaire, providing you with a more comprehensive view of your cybersecurity position. This attention to detail is proving effective – the failure rate for Cyber Essentials has dropped for the third straight year to just 2%.

    Moreover, Cyber Essentials Plus sends a stronger signal to your clients and stakeholders about your commitment to data protection. The numbers speak for themselves – organisations with Cyber Essentials are 92% less likely to claim on cyber insurance policies.

    With the increasing number of breaches happening to businesses today, this enhanced credibility can be a significant competitive advantage. It’s no surprise that 89% of certified organisations would recommend Cyber Essentials to others like theirs, with 91% planning to recertify next year.

    Conclusion

    To reiterate, cyber security is no longer optional – it’s essential for businesses of all sizes. Cyber Essentials or Cyber Essentials Plus provides an excellent starting point for SMEs looking to enhance their cybersecurity measures and gain a competitive advantage.

    As more organisations are now focusing on their supply chain security, a Cyber Essentials certificate is now expected as a baseline to secure big commercial and government contracts – so you don’t want to automatically disqualify your business by not having it.

    A trusted IT provider can help take the burden off you and help you achieve and maintain your certification. They can guide you through the process, implement the cyber security measures, and ensure your operating systems remain compliant with Cyber Essentials requirements year after year.
