Cyber Essentials

The benefits of achieving Cyber Essentials
Cyber Essentials
IASME Cyber Essentials

Ready to Start?

The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for organisations of all sizes to help demonstrate to customers and other stakeholders that the most important basic cyber security controls have been implemented.


The benefits of achieving Cyber Essentials certification

According to the UK government, “Around 80% of cyber attacks could be prevented” with just five basic security controls.

Even without achieving certification, the scheme’s controls provide a basic level of protection that can ward off the vast majority of cyber attacks, allowing you to focus on your core business objectives.

Cyber Essentials Plus
Properly implementing the controls has the additional advantage of driving business efficiency throughout the organisation, saving money and improving productivity.

Related Services


What are the Five areas ?

If a cyber criminal is explicitly targeting your organisation using bespoke tools they have created to gain access, then Cyber Essentials will likely not be adequate to protect your systems.

However, for the more common and freely available hacking tools, it is an excellent starting point.


Click on the frequently asked questions to learn more;


Secure Configuration
Web server and application server configurations play a key role in cyber security. Failure to properly configure your servers can lead to a wide variety of security problems.

Computers and network devices should be configured to minimise the number of inherent vulnerabilities and provide only the services required to fulfil their intended function.

This will help prevent unauthorised actions being carried out and ensure that each device publicly discloses only the minimum information about itself.

A scan can reveal opportunities for exploitation through insecure configuration.

Boundary Firewalls
Firewalls are designed to prevent unauthorised access to or from private networks, but both hardware and software need to be properly set up to be fully effective.

Boundary firewalls and Internet gateways determine who has permission to access your system from the Internet and allow you to control where your users can go.

Antivirus software may help protect the system against unwanted programs, but a firewall helps keep attackers or external threats from getting access to your system in the first place.

To adjust the security provided, much like any other control function, you can make changes to the firewall ‘rules’.

Access Control
Even though it is tempting, for convenience’s sake, to give many users administrator rights, it is important to minimise access to your data and services to reduce the risk of a criminal hacker being presented with open access to your information.

Obtaining administrator rights is a key objective for criminal hackers, as this allows them to gain unauthorised access to applications and other sensitive data.

User accounts, particularly those with special access privileges, should be assigned only to authorised individuals, managed effectively, and provide the minimum level of access to applications, computers and networks.

Patch Management
Any software is prone to technical vulnerabilities and, once discovered and shared publicly, cyber criminals rapidly exploit them if they are not properly patched or updated.

Regularly updating software and operating systems will help fix any known weaknesses. Doing this as quickly as possible is crucial to mitigating the risk of a criminal hacker exploiting it first.

Malware Protection
It is important to protect your organisation from malicious software (or ‘malware’), which will seek to access files on your system.

Can wreak havoc by stealing confidential information, damaging files or, in the case of ‘ransomware’, locking files and preventing access unless you pay a ransom.

Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware) and including options for virus removal will protect your computers, your important documents and your privacy.

The Certification Process Explained

Cyber Essentials

A self-assessment option that demonstrates you have key controls in place to help protect against a wide variety of common cyber attacks. It includes a self-assessment questionnaire (SAQ) and an external vulnerability scan. The certification process has been designed to be lightweight and easy to follow.

Cyber Essentials Plus

A more advanced level of the scheme that includes all steps of a Cyber Essentials application, as well as an internal assessment of the five security controls and an internal vulnerability scan on a sample of workstations and mobile devices. Cyber Essentials Plus is a requirement for organisations looking to work with the MOD.


This service is a bolt on to the Cyber Essentials service, provided by our expert consultants, which is up to 2 hours online consultancy to answer any


This service is a bolt on to the Cyber Essentials service, provided by our expert consultants, which is a full days onsite consultancy to assist and advise on the application.


Our aim with this service is to get you passed, first time. If there is a failure, we can advise and help with the remedy and then arrange a re-scan at an additional consultancy cost.

Contact Us

01727 634455

54-56 Victoria Street, St Albans, AL1 3HZ

Monday-Friday: 8am - 5pm

Get Started

Pin It on Pinterest

Share This