Cyber Essentials

The 5 requirements for Cyber Essentials certification

Correctly Configure Firewalls

Every device, including boundary firewalls, desktop computers, laptops, routers, servers, and cloud services like IaaS, PaaS, and SaaS, must be secured with a properly configured firewall. This reduces exposure to attacks by restricting access through firewall rules that allow or block traffic based on source, destination, and type of communication protocol. Software firewalls should also be used on devices connecting to untrusted networks, like public Wi-Fi hotspots. Key requirements include changing default passwords, preventing unauthorized access, and blocking unauthenticated inbound connections by default.

Properly Secure Network Devices

Default configurations often have vulnerabilities such as default passwords, unnecessary user accounts, and pre-installed applications that can be exploited. By proactively managing and regularly updating these settings, you can reduce vulnerabilities and ensure only necessary services are enabled. This includes removing unused user accounts, changing default passwords, disabling unnecessary software, and implementing proper device locking controls.

Manage Security Updates

Security flaws are discovered regularly and, if left unpatched, can be exploited by attackers, as seen, for example, during the LastPass breach. Make sure all software is licensed, supported, and updated within 14 days of a critical or high-risk update release. Automatic updates should be enabled where possible, and unsupported software should be removed from devices. Applying these updates promptly helps mitigate security risks and maintain the integrity of your systems.

Control User Access

Only authorized individuals should have access to your organization's applications, computers, and networks. Assign user accounts only to authorized individuals and limit their access based on their roles. Special access privileges, such as administrative accounts, should be carefully managed to prevent unauthorized use. Measures include having a process for account creation and approval, authenticating users with unique credentials, implementing multi-factor authentication (MFA), and removing or disabling accounts when no longer required. Proper password management and user education are also key components of this requirement.

Manage Malware Protection

Malware protection aims to restrict the execution of known malware and untrusted software that can cause damage or access data, using anti-malware software or application allowlisting to prevent malware from running on devices. Anti-malware software should be updated regularly and configured to prevent the execution of malicious code and connections to malicious websites. Application allowlisting ensures that only approved applications, restricted by code signing, can execute on devices, thereby reducing the risk of malware infection.

Drive business with Cyber Essentials compliance

What exactly is Cyber Essentials and why does it matter to MSPs? Tune into this video to hear Chris Blunt, a UK-based licensed Cyber Security Assessor and Consultant, explain why this government-backed certification scheme is only going to grow in importance for the businesses that MSPs serve.

Meet Cyber Essentials requirements with ConnectSecure

No business in the UK can afford to ignore Cyber Essentials. For many, getting certified is increasingly becoming a prerequisite for winning government contracts. Watch now to learn from ConnectSecure President Srikant Sreenivasan and CISO Krishnakumar Kottekkat what it takes to meet the five technical controls of Cyber Essentials with ease.

Consider ConnectSecure your certification toolkit

Automated Continuous Scanning & Remediation: Helps MSPs stay ahead of threat actors by proactively scanning client environments, identifying and remediating vulnerabilities across various operating systems (Windows, Linux, Darwin, and ARM), and providing CVE (Common Vulnerabilities and Exposures) links for a deeper understanding of risks.

Automated Scheduling: Ensures all systems are consistently monitored, up-to-date, and secure.

EPSS Scoring: Uses the Exploit Prediction Scoring System (EPSS) to prioritize vulnerabilities based on their risk of exploitation.

Patch Management: Identifies, manages and deploys security patches across all devices, including patches and updates in Microsoft Windows and 600 third-party applications.

Compliance Reporting: Generates detailed compliance reports that align with Cyber Essentials requirements, simplifying the certification process for clients.

Asset Inventory Management: Maintains a comprehensive inventory of all connected devices and software, ensuring that all assets meet security standards.

Configuration Management: Monitors and enforces secure configurations on client systems, ensuring they adhere to Cyber Essentials guidelines.

User Access Control: Manages and audits user access controls to ensure that only authorized personnel have access to sensitive information, a key component of Cyber Essentials compliance.

How Your Clients Benefit from Cyber Essentials Certification

As an MSP, helping your clients achieve Cyber Essentials certification can significantly enhance their security and business operations. This certification not only boosts their defenses against cyber threats but also instills confidence and trust among their stakeholders. Here are five key benefits your clients will experience by obtaining Cyber Essentials certification:

Enhanced Security Posture

Cyber Essentials certification ensures that your clients have implemented basic security controls to protect against common cyber threats, reducing the risk of breaches and data loss.

Increased Customer Trust

Achieving certification demonstrates your clients' commitment to cybersecurity, fostering greater trust and confidence among their customers, partners, and suppliers.

Regulatory Compliance

Many industries require compliance with specific cybersecurity standards. Cyber Essentials certification helps your clients meet these requirements, avoiding potential fines and legal issues.

Competitive Advantage

Certified organizations often stand out in the marketplace. Cyber Essentials certification can be a differentiator, helping your clients win new business and retain existing customers.

Cost Savings

By proactively addressing security vulnerabilities, your clients can avoid the significant costs associated with data breaches, including legal fees, fines, and reputational damage.

Start using ConnectSecure with a free trial!

Real results straight from our MSP community

Mitchell Matter

Co-founder | LockIT Technologies
“Implementing ConnectSecure has significantly improved our approach to cybersecurity. The efficiency gained from agent-based scanning and the cost savings have allowed us to offer top-tier protection to our clients without breaking the bank.”

Trent Gasser

IT Consultant | Palitto Consulting Services
“The platform is intuitive and user-friendly, and our team readily adopted it. It’s become a talking point in most new client conversations and strategy meetings with existing customers.”

Luis Alvarez

CEO | Alvarez Technology Group
“ConnectSecure allows us to run regular, in-depth vulnerability scans, ensuring our patching strategies are effective and any new security weaknesses are quickly identified and addressed.”

Simon Hopkin

Head of Cyber Security | ITPS
“ConnectSecure has been an excellent tool for us to drive engagement. It’s very quick and easy to deploy and you get almost immediate results.”

Christophe Gagnon

Director | CyberVision 24/7
“We use everything—external scanning, reports, PII detection, firewall integration… The value for the price is really good.”

Karl Bickmore

CEO | Tech IT
“We’re providing better reporting, better data, better planning, and it’s helping us win more deals—like significantly more deals—and our sophistication has gone way up.”

Dennis Houseknecht

CTO | WatSec Cyber Risk Management
“There’s no all-in-one tool on the market—and I follow the market pretty closely—that has the depth and breadth of ConnectSecure’s vulnerability scans, and that’s presented in such an actionable way.”

Tim Fournet

CISO | Rader
“The fact this platform is built with service providers in mind means we can use it across our client base hassle-free at a cost that makes it a no-brainer to bundle with our other services.”

See how helping customers with Cyber Essentials Compliance can help you grow your business

Flag cyber vulnerabilities—and know exactly how to remedy them

Want to see ConnectSecure in action? Sign up for a free trial!