Introduction to Cyber Essentials

Cyber Essentials

Unleashed is uniquely positioned to help your business attain the Cyber Essentials accreditation.

Cyber Essentials was introduced in 2014, the UK Government decided to implement a cybersecurity scheme to help businesses of all sizes to protect and mitigate against cyber-attacks.  This scheme is called Cyber Essentials and Cyber Essentials Plus (CE and CE+)

CE is a self-assessment questionnaire that Unleashed is accredited to help you complete. CE+ is external verification of the information you have provided with on-site Vulnerability testing.

This scheme has been designed to give a clear statement on basic cyber controls to all organisations. The aim is to help them to protect their business against common Internet threats.

The Cyber Essential scheme offers a foundation of the basic security measures that your business can implement and build upon. The UK Government firmly believes that by implementing basic control measures they can significantly reduce your vulnerability. However, these control measures are not guaranteed to remove all cybersecurity risks. i.e. CE will not stop a targeted attack against your business, for this, you will need to implement higher security measures.

What this scheme will do, is give you a structure and define measured controls that provide cost-effective basic cybersecurity for your business.  By following the five steps, the UK Government estimate you can mitigate 80% of cyber-attacks.


Cyber Essentials comes in two standards – Standard and Plus.  Both standards have the same questionnaire.  For standard, a self-assessment questionnaire that can be filled in by a competent IT person within your organisation. This is then sent off to the certification body for verification.  If all of your answers meet the required standards, you pass and get a Cyber Essentials certificate. You can then display the cyber essentials logo on your website as proof your business meets the CE standard.  If you fail, you will be told where your security measures fall down and you can rectify that area and re-apply.

For Plus (the highest level), the same questionnaire applies but your answers must be verified by an external verification body.  Plus can be viewed as an extension of the standard.  The verification body will run external vulnerability tests against your questionnaire to ensure you meet the correct standard.

Cyber Essentials Control Processes

CE focuses on Internet-originated attacks against an organisation’s IT systems and has five control measures:

  1. Boundary firewalls and Internet Gateways

These are devices that protect unauthorised access to or from your IT network. They can be dedicated security devices or an Internet-facing router.

  1. Secure Configuration

This means, your systems are configured to conform to the Cyber Essential guidelines.

  1. Access Control

This means, that only those people that need to access systems/data can and they have the appropriate set of permissions.

  1. Malware Protection

Virus and Malware protection must be installed and kept up to date with the latest patches

  1. Patch Management

All of your operating systems and Internet-facing devices must be kept up to date with the latest patches and fixes that have been supplied by the vendor.

Assurance framework

We are hearing more and more about organisations exposing customers’ information to cyber threats.  So, this means, it is becoming increasingly important for companies to maintain a robust cybersecurity policy and equally important to demonstrate this to their customers.

The Assurance Framework has been designed to demonstrate who is implementing cybersecurity controls against those who are not.

There are a few ways you can use this framework.  You could use it to differentiate your business against that of a competitor. Or, you could ask insurers, investors and auditors to take the certification into account when assessing your risk factor.

Cyber Essentials Consultancy

Whilst Cyber Essentials and Cyber Essentials Plus have been designed to be simple and straightforward, you may need some assistance in getting ready for your accreditation. That is where Unleashed can help you.

Cyber Essentials can be a time-consuming process, getting help from a qualified Cyber Essentials expert can remove the pain and speed up the process.

If you’re interested in discussing Cyber Essentials or Cyber Essentials Plus then please fill in the contact form.