Why Cyber Essentials Matters for Small UK Businesses

Cyber Essentials is a government-backed scheme designed to help UK businesses protect themselves against common cyber threats.

What is Cyber Essentials?

CyberEssentials is a baseline configuration that focuses on five technical controls that protect against the most common internet-based attacks.

CyberEssentials 5 key technical controls

Cyber Essentials will ensure that you apply a good baseline configuration and add simple tools that will protect against 85% of the threats and help make it harder for users to accidentally cause problems.

Cyber Essentials is an annual process and requires you to submit a multiple page technical questionnaire. For a non technical person it will take up to 2 weeks work to collect the information and possibly further time to apply new configurations, perform remedial work before applying for the certificate.

The process and questionnaire adapts to latest threats and evolves to include new technology each year. You need to set aside time on a monthly basis to keep up to date. If you do this then teh annual work is massively reduced.

Cyber Essentials Readiness :
Could you answer a basic security questionnaire confidently today?

Ask the business owner to answer Yes / No / Not sure.

1️⃣ Do all company devices have a firewall enabled?

This includes:

  • PCs and laptops
  • Servers
  • Network routers

❗ Firewalls must be enabled and correctly configured on every device.

2️⃣ Are user accounts set up so staff only have access they actually need?

For example:

  • No shared admin accounts
  • Staff are not local admins unless required
  • Admin access is restricted and controlled

3️⃣ Are all devices protected by centrally managed anti-virus or anti-malware software?

This should:

  • Be active on all devices
  • Update automatically
  • Be monitored centrally (not just installed and forgotten)

4️⃣ Are operating systems and software kept up to date automatically?

Including:

  • Windows / macOS
  • Browsers
  • Microsoft Office
  • Third-party applications (e.g. Adobe, Java)

CE requires timely patching, not “when we remember”.

5️⃣ Do you use Multi-Factor Authentication (MFA) for cloud services?

Especially for:

  • Microsoft 365
  • Email
  • Remote access
  • Admin accounts

MFA is mandatory for Cyber Essentials where supported.

6️⃣ Are default passwords removed or changed on all systems?

Including:

  • Routers
  • Firewalls
  • Servers
  • New devices

Default credentials are an automatic fail.

7️⃣ Can you quickly list all devices that access company data?

For example:

  • PCs
  • Laptops
  • BYOD devices
  • Servers
  • Cloud systems

If the answer is “not really”, this usually indicates not ready.

8️⃣ Are staff prevented from installing unapproved software?

This includes:

  • Blocking unauthorised installs
  • Having a clear approval process
  • Avoiding “everyone can install anything”

9️⃣ Is remote access locked down and secure?

For example:

  • VPN or secure remote tools only
  • MFA enabled
  • No open RDP to the internet

🔟 Could you answer a basic security questionnaire confidently today?

Cyber Essentials is a formal self-assessment backed by evidence.

If answering these questions feels uncertain or risky:

You’re not ready yet — but you’re close.

Conclusion

Cyber Essentials provides a clear baseline for improving cyber security and demonstrating good practice. Achieving certification helps businesses reduce common cyber risks and proves to customers and partners that data security is taken seriously. As a result, many organisations now require their suppliers to be Cyber Essentials certified before doing business with them.

If you want help, visit our Cyber Essentials page.

Andy Morrison
Andy Morrison

Andy is a highly experienced network solutions engineer specialising in Mikrotik routers and Ubiquiti Wi-Fi. He is also the founder of Andisa IT. With over 44 years’ experience in the Electronics and IT industry, He has a passion for helping organisations make the most out

He is passionate about processes in a business and wants to de-skill work so that it is simple to understand and do. Andy enjoys collaborating with businesses to create bespoke IT strategies that meet their evolving needs.

Enjoy about working at Andisa IT?
I love seeing a issue being solved using our processes and system. I get a kick knowing that it happened quickly, smoothly and that we genuinely help the businesses in Yorkshire to achieve their own goals.

Articles: 117

Ready to Take the Stress Out of Your IT?

Book a free, no-obligation consultation with one of our friendly experts.
Let’s explore how we can support your business with reliable IT services, robust cybersecurity, and full compliance — all tailored to you.

  • No hard sell — just expert advice
  • Tailored to your business needs
  • Trusted by businesses across Yorkshire
Book Your Free Intro Call Now

Stay informed with the latest IT tips, cybersecurity advice, and exclusive resources.

This field is for validation purposes and should be left unchanged.
Consent(Required)
Andisa IT - Leading Managed  Service Provider in Yorkshire, serving Harrogate, Leeds, York, and surrounding areas.
microsoft partner logo
mikrotik partner logo
hornet security partner logo
heimdel partner logo
cyber essentials certified
3cx partner logo