Achieving Cyber Essentials
Beyond the Checkbox: Why Cyber Essentials Matters
The UK government has set Cyber Essentials as a minimum standard for UK businesses, and you may need it for compliance or to bid on projects. We can quickly get your IT up to the standards needed and take care of all the technical aspects of getting the certificate.
Many businesses approach us needing Cyber Essentials certification simply to tick a box for contract bids. While that’s a valid starting point, there’s much more at stake.
Did you know that ransomware attacks typically cost organisations at least £8,000 per employee to remediate? For a business with 50 staff, that’s a potential £400,000 hit – not including reputational damage and lost business opportunities.
We help businesses in Sutton and beyond see Cyber Essentials not just as a certificate, but as a practical framework to protect your operations, data, and future.
Our 1-3 Month Process: Security WITH You, Not TO You
Our approach differs from typical IT providers. We believe security improvements should be done WITH your business, not TO it. Here’s how we make it happen:
Month 1: Assessment & Communication
Staff Communication & Buy-in
We start by helping you communicate changes to your team, explaining WHY these security measures matter to them personally. When staff understand the reasons behind security policies, compliance rates jump dramatically.
Comprehensive System Audit
We conduct a thorough audit of your:
- Workstations and laptops
- Server infrastructure
- Mobile devices
- Network equipment
- Software applications
Using our Remote Monitoring & Management (RMM) and Mobile Device Management (MDM) tools, we create a complete inventory of your digital assets – often revealing forgotten systems that pose security risks.
Month 2: Remediation Planning & Implementation
Replacement & Upgrade Planning
Based on the audit, we develop a practical budget for necessary upgrades, prioritising critical vulnerabilities while being mindful of your financial constraints.
Multi-Factor Authentication Implementation
We audit your existing systems and implement MFA across your web-based platforms – a requirement that trips up many businesses during certification.
Legacy System Handling
We identify unsupported applications and systems, creating practical timelines for decommissioning without disrupting your operations.
Month 3: Policy Development & Certification
Practical Policies & Procedures
We develop straightforward policies that work for businesses your size, not massive corporate frameworks that nobody reads. These include:
- Acceptable use policies
- Password management guidelines
- Data access protocols
- Remote working practices
Permission Auditing
We review who has access to what data, implementing the principle of least privilege – giving staff access only to what they need for their role.
Certification Submission
We handle the submission process, working through any questions from the certification body and advising on appropriate responses.
Cyber Essentials vs. Cyber Essentials Plus: Making the Right Choice
Standard Cyber Essentials works well for most businesses with 20-50 staff and basic IT infrastructure. It involves self-assessment with verification.
Cyber Essentials Plus includes external testing where assessors actively try to find vulnerabilities in your systems. It’s increasingly required for:
- Healthcare sector contracts
- Financial services partnerships
- Government or defence-related work
- Organisations handling sensitive personal data
We help you determine which level makes sense based on your specific industry, contracts, and risk profile.
Ongoing Security: Beyond Certification
Certification is just the beginning. Our most successful clients implement:
Weekly Security Awareness Training
Brief, engaging 10-minute sessions that keep security top of mind rather than annual compliance training that everyone forgets.
Microsoft 365 Security Hardening
While not strictly required for Cyber Essentials, we help clients maximise their existing Microsoft 365 security features – often at no additional cost.
Virtual CISO Services
For businesses with 100+ staff, our Virtual CISO & vCIO provides strategic security guidance without the expense of a full-time executive.
Why Our Process Works for Growing Businesses
Businesses with 20-200 staff face unique challenges – you’re large enough to be targeted by cybercriminals but may not have dedicated security resources. Our approach is specifically designed for your situation:
- We focus on practical improvements, not theoretical perfection
- We understand how to implement security without disrupting operations
- We speak in plain English, not technical jargon
- We balance security requirements with budget realities
Contact us to discuss how our proven 1-3 month process can help your business achieve Cyber Essentials certification while genuinely improving your security posture.