Cyber Essentials

Your business is at risk from cyber criminals. They are after your data, confidential information and your money! But help is at hand … in the form of Cyber Essentials, a scheme designed by the Government to make it easier for you to be protected.

Cyber Essentials requires your organisation to have five technical controls in place:

Boundary firewalls
Secure configuration
User Access control
Virus and Malware protection
Patch management

And it offers a certification process so you can demonstrate that you have taken the essential precautions.


Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Implementing these measures can significantly reduce your vulnerability.

It does not offer a silver bullet to remove all cyber security risk. But it does define a focused set of controls that will provide cost-effective, basic cyber security for organisations of all sizes.

In 2017, the WannaCry ransomware cyberattack crippled the NHS and infected computers in 150 countries - its organisations of all sizes that are at risk.

Failing to protect your business can be costly in other ways, too. One company that suffered a cyber attack, before the introduction of the GDPR, was fined £60,000 by the Information Commissioner’s Office (ICO). An investigation by the ICO found Berkshire-based Boomerang Video Ltd failed to take basic steps to stop its website being attacked.

Cyber Essentials certification will help you to avoid suffering an attack or being penalised for a lack of action. It is also worth noting that fines under the General Data Protection Regulation (GDPR), can be up to 4% of global turnover or €20M, whichever is higher. You can see some of the recent fines here.

We can help you along the path towards having the technical controls in place and gaining certification.


We will work with you to ensure the correct processes are in place for each of the five technical controls to help you to gain Cyber Essentials Certification. This will include:

Preventing unauthorised access with boundary firewalls.
Setting up systems securely using secure configurations.
Restricting access to those who need it with Two Factor Authentication.
Anti-virus and malware protection.
Managed software updates and patch management.

This will be partially achieved through a pre-questionnaire as well as gap analysis. We will then be able to score your current state and propose a plan to rectify any issues, with work being conducted by your own team or by one of the experts here at Infinity.