What are Cyber Essentials? 

The National Cyber Security Centre’s (NCSC) Cyber Essentials scheme is a government-backed certification designed to help you protect your organisation. It does this by ensuring that fundamental cyber security controls and protection methods are implemented, which mitigates the risks posed by the most common cyber threats.


The required security controls are categorised into 5 basic technical themes:

    • Firewalls
    • Secure Configuration
    • User Access Control
    • Malware Protection
    • Security Update Management 


Why Do I Need Cyber Essentials? 

By implementing the protection measures needed to comply with the requirements of the Cyber Essentials scheme, your organisation will be better protected against the ever-growing threat of cyber-attacks. For this reason, Cyber Essentials is considered the best first step in securing your organisation, protecting you from approximately 80% of the most common cyber-attacks, for example phishing, malware, ransomware, or network attacks.

In addition, achieving the Cyber Essentials certification builds trust with customers and boosts the overall reputation of your organisation. It reassures customers that you are taking a proactive stance on cyber security by demonstrating your commitment to protecting your data and network infrastructure.


Moreover, becoming compliant with the Cyber Essentials scheme will attract and open up new business. As an example, having the crucial cyber security controls in place can allow an organisation to apply for government-led contracts involving the secure handling of sensitive information.


Frequently Overlooked Security Issues 


Firewalls:

  • Ensure that the firewall is enabled on all devices and routers, and that it is configured to block any unauthorised incoming connections by default.

Secure Configuration:

  • Remove or disable any unused user accounts.
  • Uninstall any unnecessary software and applications.
  • Disable the AutoRun feature on all devices. 

User Access Control:

  • Have a clear, documented account creation and approval process.
  • Have an appropriate password policy in place and implement Multi-Factor Authentication (MFA) where possible.
  • Use accounts with admin privileges only for admin activities (e.g. no emails or internet browsing), and remove special privileges when they are no longer required.

Malware Protection:

  • Ensure that all devices are protected with anti-virus software, and that it scans files and pages automatically.

Security Update Management:

  • Remove unsupported software and applications.
  • Apply all updates within 14 days of release. 


Additional Resources 

To find out more about the Cyber Essentials scheme, the NCSC provides an overview of the certificate and offers answers to frequently asked questions.

In addition, a detailed list of the requirements within the 5 control themes is provided in the following PDF file, and the Cyber Essentials Readiness Toolkit can be used to create a personal action plan and to receive guidance on the next steps to meet each requirement.

Find Out More

If you enjoyed this briefing paper, check out our other digital resources which cover a wide range of topics, including quantum computing, social media, and 3D printing.

The Lancashire Cyber Foundry runs a series of business strategy and cyber workshops specifically designed for SMEs in Lancashire. We’re passionate about seeing Lancashire businesses become more cyber-aware and innovative, and so offer funded places for companies to come and learn how to defend, innovate and grow their business. Additionally, we have an experienced technical team ready to help you with your business innovation ideas, particularly around cyber and digital innovation.

To find out more about how your business can access support or register for one of our upcoming workshops, contact us: