Skip to content

Cyber Essentials

Cyber Essentials

The 5 requirements for Cyber Essentials certification

+

Correctly configure firewalls

Every device, including boundary firewalls, desktop computers, laptops, routers, servers, and cloud services like IaaS, PaaS, and SaaS, must be secured with a properly configured firewall. This reduces exposure to attacks by restricting access through firewall rules that allow or block traffic based on source, destination, and type of communication protocol. Software firewalls should also be used on devices connecting to untrusted networks, like public Wi-Fi hotspots. Key requirements include changing default passwords, preventing unauthorized access, and blocking unauthenticated inbound connections by default.

+

Properly Secure Network Devices

Default configurations often have vulnerabilities such as default passwords, unnecessary user accounts, and pre-installed applications that can be exploited. By proactively managing and regularly updating these settings, you can reduce vulnerabilities and ensure only necessary services are enabled. This includes removing unused user accounts, changing default passwords, disabling unnecessary software, and implementing proper device locking controls.

+

Manage Security Updates

Regularly discovered security flaws, if left unpatched, can be exploited by attackers as seen, for example, during the LastPass breach. Make sure all software is licensed, supported, and updated within 14 days of a critical or high-risk update release. Automatic updates should be enabled where possible, and unsupported software should be removed from devices. Applying these updates promptly helps mitigate security risks and maintain the integrity of your systems.

+

Control User Access

Only authorized individuals should have access to your organization's applications, computers, and networks. Assign user accounts only to authorized individuals and limit their access based on their roles. Special access privileges, such as administrative accounts, should be carefully managed to prevent unauthorized use. Measures include having a process for account creation and approval, authenticating users with unique credentials, implementing multi-factor authentication (MFA), and removing or disabling accounts when no longer required. Proper password management and user education are also key components of this requirement.

+

Manage Malware Protection

Malware protection aims to restrict the execution of known malware and untrusted software that can cause damage or access data, using anti-malware software or application allowlisting to prevent malware from running on devices. Anti-malware software should be updated regularly and configured to prevent the execution of malicious code and connections to malicious websites. Application allowlisting ensures that only approved applications, restricted by code signing, can execute on devices, thereby reducing the risk of malware infection.

Drive business with Cyber Essentials compliance

What exactly is Cyber Essentials and why does it matter to MSPs? Tune into this video to hear Chris Blunt, a UK-based licensed Cyber Security Assessor and Consultant, explain why this government-backed certification scheme is only going to grow in importance for the businesses that MSPs serve.

Meet Cyber Essentials requirements with ConnectSecure

No business in the UK can afford to ignore Cyber Essentials. For many, getting certified is increasingly becoming a prerequisite for winning government contracts. Watch now to learn from ConnectSecure President Srikant Sreenivasan and CISO Krishnakumar Kottekkat what it takes to meet the five technical controls of Cyber Essentials with ease.

Consider ConnectSecure your certification toolkit

turtle list icon

Automated Continuous Scanning & Remediation:: Helps MSPs stay ahead of threat actors by proactively scanning client environments, identifying and remediating vulnerabilities across various operating systems (Windows, Linux, Darwin, and ARM), and providing CVE links (Common Vulnerabilities and Exposures) for a deeper understanding of risks.

turtle list icon

Automated Scheduling: Ensures all systems are consistently monitored, up-to-date, and secure.

turtle list icon

EPSS Scoring: Uses the Exploit Prediction Scoring System (EPSS) to prioritize vulnerabilities based on their risk of exploitation.

turtle list icon

Patch Management: Identifies, manages and deploys security patches across all devices, including patches and updates in Microsoft Windows and 600 third-party applications.

turtle list icon

Compliance Reporting: Generates detailed compliance reports that align with Cyber Essentials requirements, simplifying the certification process for clients.

turtle list icon

Asset Inventory Management: Maintains a comprehensive inventory of all connected devices and software, ensuring that all assets meet security standards.

turtle list icon

Configuration Management: Monitors and enforces secure configurations on client systems, ensuring they adhere to Cyber Essentials guidelines.

turtle list icon

User Access Control: Manages and audits user access controls to ensure that only authorized personnel have access to sensitive information, a key component of Cyber Essentials compliance.

How Your Clients Benefit from Cyber Essentials Certification

As an MSP, helping your clients achieve Cyber Essentials certification can significantly enhance their security and business operations. This certification not only boosts their defenses against cyber threats but also instills confidence and trust among their stakeholders. Here are five key benefits your clients will experience by obtaining Cyber Essentials certification:

Enhanced Security Posture

Cyber Essentials certification ensures that your clients have implemented basic security controls to protect against common cyber threats, reducing the risk of breaches and data loss.

Increased Customer Trust

Achieving certification demonstrates your clients' commitment to cybersecurity, fostering greater trust and confidence among their customers, partners, and suppliers.

Regulatory Compliance

Many industries require compliance with specific cybersecurity standards. Cyber Essentials certification helps your clients meet these requirements, avoiding potential fines and legal issues.

Competitive Advantage

Certified organizations often stand out in the marketplace. Cyber Essentials certification can be a differentiator, helping your clients win new business and retain existing customers.

Cost Savings

By proactively addressing security vulnerabilities, your clients can avoid the significant costs associated with data breaches, including legal fees, fines, and reputational damage.

Start using ConnectSecure with a free trial!

Karl Bickmore, CEO, Snap Tech IT

Karl Bickmore

CEO | Snap Tech IT
“We're providing better reporting, better data, better planning, and it's helping us win more deals — like significantly more deals — and our sophistication has gone way up.”
Dennis Houseknecht, CTO, WatSec Cyber Risk Management

Dennis Houseknecht

CTO | WatSec Cyber Risk Management
“There's no all-in-one tool on the market — and I follow the market pretty closely — that has the depth and breadth of ConnectSecure's vulnerability scans, and that's presented in such an actionable way.”
McKaila Posey, Cybersecurity Services Manager, Entara

McKaila Posey

Cybersecurity Services Manager | Entara
“ConnectSecure has transformed our service delivery. Not only has ConnectSecure helped our clients really see the value we bring, but the metrics of our engineers also look fantastic.”
Paul Rouse, President and Owner, Rouse Consulting Group

Paul Rouse

President and Owner | Rouse Consulting Group
“ConnectSecure really has opened so many additional doors and capabilities to extend our cybersecurity suite of services. It’s made us more efficient in many ways”
Sandeep Kaushal, President, TeamLogic IT

Sandeep Kaushal

President | TeamLogic IT
“ConnectSecure is a very important tool for us to determine the health of our prospects during onboarding. There’s no impact on performance and we’re able to collect a lot of data. There’s twofold benefit to that — we know what’s going on with their infrastructure and clients know we can provide proof that we’re keeping an eye on things.”
cyber-essentials-guide-cta

See how helping customers with Cyber Essentials Compliance can help you grow your business

Flag cyber vulnerabilities—and know exactly how to remedy them

Want to see ConnectSecure in action? Sign up for a free trial!