Cyber Essentials

Protection against Cyberthreats

A defined set of protective controls

Cyber Essentials is a Government-backed and industry-supported scheme to help businesses protect themselves against cyberthreats.

As reliance on internet technologies increases, so do the opportunities for criminals and hackers to commit fraud, industrial espionage, or steal intellectual property. Cyber Essentials defines a set of 5 key security controls which, when properly implemented, will better protect businesses from attacks using software and techniques which are freely available on the open internet.

By adhering to this widely-endorsed standard, your business can display the Cyber Essentials badge and demonstrate that it takes cybersecurity seriously.

The Five Key Controls

Firewalls & Gateways

Use devices designed to prevent unauthorised access to or from private networks.

Secure Configuration

Ensure that systems are configured in the most secure way for the needs of the organisation.

Access Control

Ensure only those who should have access to systems are provided access at an appropriate level.

Malware Protection

Ensure that virus and malware protection is installed and up to date.

Patch Management

Ensure the latest supported version of applications is used, and all patches and updates applied.

Cyber Essentials FAQs

How much does it cost?

The intention of the scheme is to be affordable to the greatest possible number of businesses. Costs will depend on the size of your organisation and the level of rigour you need to demonstrate.

Who is Cyber Essentials for?

Cyber Essentials is applicable to organisations of all sizes and in all sectors. We encourage all organisations to look at the requirements and adopt them. This is not limited to private sector companies, but is equally applicable to universities, charities, public sector and not-for-profit organisations.

What are the benefits?

Cyber Essentials provides organisations with clarity on what essential security controls they need to have in place to reduce the risk posed by threats on the internet with low levels of technical capability. Organisations that are good at cyber security can make this a selling point; demonstrating to their customers, through Cyber Essentials, that they take cyber security seriously.

How will I show that I have been certified?

Organisations that have successfully been assessed against the scheme will be able to use the appropriate Cyber Essentials badge to publicise this fact.

Being able to advertise that you have met a Government-approved cyber security scheme will give you an edge over competitors in the same market.

Is there a time limit on accreditation?

The assessment process is a snap shot in time and it can only be effective on the day of assessment, much like an MOT for a car. New vulnerabilities are identified daily and we recommend organisations maintain the principles and controls on an ongoing basis and not just as preparation for the award. Organisations must re-certify annually.

Why the five controls?

CESG (part of the National Cyber Security Centre, NCSC) has carried out an analysis of successful cyber attacks on a wide range of organisations. This analysis has helped identify the basic technical controls which most effectively mitigate cyber attacks by unsophisticated attackers using tools which are widely available on the internet. Cyber Essentials comprises the core actions necessary to reduce the majority of these threats.

Will Cyber Essentials stop me getting hacked?

Cyber Essentials offers a sound foundation of basic security measures that all types of organisations can implement and potentially build upon. We believe that implementing these measures can significantly reduce an organisation’s vulnerability. However, it does not provide a silver bullet to remove all cyber security risk and you should carry out further works to mitigate against more advanced attacks. Risc IT Solutions can provide further advice and support.

Essentials or Essentials Plus?

There are 2 levels of certification: Essentials and Essentials Plus. Once an organisation completes Cyber Essentials, the Plus certification is granted if a successful assessment takes place within 3 months.

Level 1: Cyber Essentials

This basic level of certification is awarded on the basis of a completed self-assessment questionnaire,
verified by Risc IT Solutions consultants.

Level 2: Cyber Essentials Plus

This is a higher level of assurance. You will work with Risc IT Solutions consultants to test that the 5 key controls covered by Cyber Essentials are working in practice with simulated hacking and phishing attacks.

Risc IT Solutions consultants are accredited by IASME to assess and certify against the Government’s Cyber Essentials scheme requirements. We offer consulting services to assist organisations in achieving Cyber Essentials or Cyber Essentials Plus certifications.

Complete the form, press send and your enquiry will be directed straight to a member of the team.

Shortly afterwards, we will be in touch to discuss your requirements and answer any questions you may have.