What is Cyber Essentials
Cyber Essentials is a National Cyber Security Centre standard, recommended by the government for all organisations, no matter their size. It is designed to enable organisations (whether you are a business, charity, club, or any other type of organisation) to take the minimum steps to protect themselves from cyber threats. In some cases, businesses also need it to access contracts that require certification, to show that they take cyber security seriously.
There are two tiers: self-led, and Plus, which involves a technical audit to verify that you have the controls in place, giving you, and others, more assurance that you are complying with the standard.
The technical controls for Cyber Essentials are:
- Firewalls: Ensuring that these devices are protected from unauthorised access by configuring and verifying the way they operate, for instance by changing the default admin passwords, blocking inbound connections by default, or using firewalls on individual devices, not just on your network.
- Secure configuration: Securing devices and software by removing unnecessary functionality and hardening their configurations. How many times do you buy a PC and it comes with free bloatware that just takes up space and continuously tries to get you to buy something you didn’t ask for? This also covers removing or disabling unused user accounts, changing default passwords, and updating software.
- User Access Control: This is the one where most people get caught short. It means limiting user permissions to only what is necessary for each role, to reduce risks from compromised accounts. How many times do you read that a company had its data compromised by an employee who innocently clicked on something they thought was a legitimate link? With the right access control, you can mitigate this. Access control on its own does not guarantee nobody will fall for a phishing attempt, but it might help reduce the blast radius.
- Malware Protection: Malicious software is everywhere, and having the right tools to reduce the risk of it getting through is important: antivirus, blocking malicious sites, etc.
- Security Update Management: This is related to secure configuration. Ensure that software, operating systems and firmware are up to date. This includes servers, if you still have them, as well as individual devices such as laptops and phones.
Put together, these controls secure an organisation’s IT infrastructure. We are all under scrutiny by malicious actors online. All it takes is a crack in the door for them to get in and cause havoc. Taking these steps is a good move towards securing your organisation.
Although no control set will guarantee complete protection, Cyber Essentials gives you a good, structured starting point, and increasingly it is a commercial necessity. If you’d like to have a chat in plain English about this to understand what it means for your organisation, get in touch.
Patricio Colombo — Net Tech IT, Horsham. Managed IT support for businesses across the South
Posted On: 6 May 2026