Step-by-Step Guide to Cyber Essentials for Small Businesses

Step 1: Understand Cyber Essentials for Small Businesses

Cyber Essentials is a UK government-backed certification scheme designed to help companies protect themselves against common online threats. It focuses on five critical controls that, when implemented correctly, can prevent around 80% of cyber-attacks.

Step 2: Assess Your Current Cyber Security Measures

Before starting the Cyber Essentials process, evaluate your existing cyber security practices. Identify gaps and areas that need improvement based on the five critical controls:

  1. Firewalls
  2. Secure Configuration
  3. User Access Control
  4. Malware Protection
  5. Patch Management

Step 3: Choose the Right Certification Level

There are two levels of Cyber Essentials certification:

  1. Cyber Essentials: A self-assessment option suitable for smaller businesses.
  2. Cyber Essentials Plus: Includes an independent assessment to verify your self-assessment.

Decide which level fits your business needs and budget.

Step 4: Select a Certification Body

Choose an accredited certification body from the list provided by the IASME Consortium, the organisation responsible for managing Cyber Essentials. The certification body will guide you through the process and assess your application. At Better-IT we are an accredited certification body for both Cyber Essentials and Cyber Essentials Plus.

Step 5: Implement the Five Key Controls

1. Firewalls

  • Action: Ensure your internet connection is protected by a firewall. Use firewalls on individual devices if employees work remotely.
  • How: Configure your firewall to block unauthorised access while allowing legitimate traffic.

2. Secure Configuration

  • Action: Secure settings on all devices and software.
  • How: Remove or disable unnecessary accounts, change default passwords, and limit user privileges.

3. User Access Control

  • Action: Manage who has access to your data and services.
  • How: Implement the principle of least privilege, create individual user accounts, and use multi-factor authentication (MFA) where possible.

4. Malware Protection

  • Action: Protect every device against malware.
  • How: Use anti-virus software, restrict access to dangerous websites, and ensure regular scans and updates.

5. Patch Management

  • Action: Keep your software and devices up to date.
  • How: Regularly apply software updates and patches, and automate this process if possible.
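As an added example (not Better-IT's or IASME's own tooling), the script below performs a read-only check of a single Windows workstation against the five controls above, so gaps can be listed before the self-assessment. It assumes Windows 10/11 with the built-in firewall and Microsoft Defender, an elevated PowerShell session, and the two age thresholds shown, which are assumptions rather than figures from this page; MFA (control 3) cannot be verified locally and must be checked in your identity provider.

```powershell
# Added example: local gap check against the five Cyber Essentials controls.
# Assumes Windows 10/11, built-in firewall, Microsoft Defender, elevated session.
$maxSignatureAgeDays = 7    # assumed threshold for Defender definition freshness
$maxPatchAgeDays     = 14   # assumed threshold for the most recent installed update
$findings = @()

# 1. Firewalls: the Domain, Private and Public profiles should all be enabled.
Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
    $findings += "Firewall: profile '$($_.Name)' is disabled"
}

# 2. Secure configuration: the built-in Administrator and Guest accounts should be disabled.
foreach ($name in 'Administrator', 'Guest') {
    $acct = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
    if ($acct -and $acct.Enabled) {
        $findings += "Secure config: built-in account '$name' is enabled"
    }
}

# 3. User access control: keep the local Administrators group small; list members for review.
$admins = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
if ($admins.Count -gt 2) {
    $findings += "Access control: $($admins.Count) members in Administrators: $($admins -join ', ')"
}

# 4. Malware protection: Defender on, real-time protection on, definitions recent.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled)          { $findings += "Malware: Defender antivirus is not enabled" }
if (-not $mp.RealTimeProtectionEnabled) { $findings += "Malware: real-time protection is off" }
if ($mp.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
    $findings += "Malware: definitions are $($mp.AntivirusSignatureAge) days old"
}

# 5. Patch management: date of the most recently installed update.
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest -or ((Get-Date) - $latest.InstalledOn).Days -gt $maxPatchAgeDays) {
    $findings += "Patching: no update installed in the last $maxPatchAgeDays days"
}

if ($findings.Count -eq 0) {
    "No gaps found against the five controls (MFA must be checked manually)."
} else {
    "Gaps to address before the self-assessment:"
    $findings | ForEach-Object { " - $_" }
}
```

Run it on each in-scope device and keep the output as evidence for the questionnaire; a third-party anti-virus product will need its own status check in place of Get-MpComputerStatus.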

Step 6: Complete the Self-Assessment Questionnaire

For Cyber Essentials certification, complete the self-assessment questionnaire provided by your chosen certification body. This questionnaire covers your implementation of the five key controls.

Step 7: Submit Your Application

Submit your completed self-assessment questionnaire to the certification body. They will review your answers and may ask for additional information or clarification.

Step 8: External Assessment (Cyber Essentials Plus)

If you opt for Cyber Essentials Plus, the certification body will conduct an external assessment. This involves:

  • On-site assessment: An auditor visits your premises to verify your self-assessment.
  • External vulnerability scan: Scans of your internet-facing infrastructure to check for vulnerabilities.

Step 9: Address Any Issues

If the certification body identifies any issues during their review or assessment, address these promptly. Implement any necessary changes and provide the required evidence of compliance.

Step 10: Receive Your Certification

Once you pass the assessment, you will receive your Cyber Essentials or Cyber Essentials Plus certification. This certification is valid for one year.

Step 11: Maintain and Renew Your Certification

Cyber threats are constantly evolving, so it’s crucial to maintain your cyber security measures. Regularly review and update your practices to stay compliant. Renew your certification annually to ensure ongoing protection.

Achieving Cyber Essentials certification demonstrates your commitment to cyber security and provides reassurance to your customers and partners. By following these steps, your business can effectively protect itself against common online threats and enhance its overall security posture.

Right now we have an offer on. If you’re looking at taking your Cyber Essentials, we will offer a free security audit for your business to look at what’s good and what could be improved. We will also offer free penetration testing to see if we can potentially hack into your system and, if so, where we are getting in and why. Book a meeting and we can get you started.
