More and more businesses are getting Cyber Essentials certified, which makes sense because there are lots of sensible reasons to do so, not least the enhanced security it can offer your business. We cover this in more detail in the Five Ways Cyber Essentials Protects your Business blog.
In simple terms, Cyber Essentials is a government-backed scheme that helps businesses protect themselves against common cyber threats. Getting certified not only improves your security but also builds trust with clients and partners. We have a FREE webinar coming up that can provide you with more information about the benefits; register here.
If you’re thinking about applying, here’s a step-by-step guide on how to get Cyber Essentials approved...
1. Review the Five Key Security Controls
Cyber Essentials is built around five fundamental areas of cyber security. You’ll need to make sure these are in place before applying:
- Firewalls – secure your internet connection.
- Secure configuration – make sure systems and devices are set up safely.
- User access control – ensure staff only have access to what they need.
- Malware protection – use endpoint detection and response and other tools to guard against malicious software.
- Patch management – keep software and devices updated with the latest security patches.
2. Complete the Self-Assessment Questionnaire
The Cyber Essentials process starts with an online self-assessment, where you answer questions about your IT setup and security policies. To make this smoother:
- Gather information from your IT team or IT support provider.
- Be honest and accurate; the certification body will check your responses.
- Use plain, clear answers rather than over-complicated explanations.
3. Work with a Certification Body
You can’t apply for Cyber Essentials directly; you’ll need to go through an accredited certification body, which will review your questionnaire and confirm whether you meet the requirements.
We'd recommend choosing a provider that offers guidance and support, so you know exactly what to fix if your first attempt isn’t successful. Your IT provider should be able to offer guidance around who is best to work with.
4. Fix Any Gaps Before Submission
If you identify any gaps during the process, such as outdated software, weak passwords or missing malware protection, address these before submitting your application. Cyber Essentials is designed to be achievable for SMEs, but preparation is key.
5. Understand the Two Levels of Cyber Essentials
Before you start, it’s important to know the difference between Cyber Essentials and Cyber Essentials Plus:
- Cyber Essentials is a self-assessment certification that shows your organisation follows basic cyber security practices.
- Cyber Essentials Plus includes an independent technical audit to verify your controls are working in practice.
6. Keep Your Certification Up to Date
Cyber Essentials certification lasts for 12 months, so to stay protected (and compliant), you’ll need to renew annually. This is also a great opportunity to check your systems and ensure your defences are keeping up with evolving threats.
Curious if your business is Cyber Essentials ready? Join our free webinar on 1st October, where we’ll walk you through the requirements and help you understand what you need to do next.
