
One reason Cyber Essentials works so well for small and medium-sized businesses is its clarity. It focuses on just five technical controls, chosen because they prevent the most common cyber-attacks. Below is a plain‑English explanation of each control and what it usually looks like in a real Sussex business.
1. Firewalls and Internet Gateways
Firewalls act as your business’s first line of defence, controlling what traffic can enter and leave your network. For Sussex businesses, this usually means:
- Making sure your internet router or firewall is correctly configured
- Avoiding unnecessary services being exposed to the internet
- Ensuring remote workers are also protected
2. Secure Configuration
This control focuses on removing unnecessary risks caused by default settings, unused features or old accounts. Typical examples include:
- Removing software you don’t need
- Locking down device settings
- Ensuring laptops are built to a secure standard
Consistency is key; every device should meet the same baseline.
3. User Access Control
This principle is simple: people should have access only to what they need to do their jobs. Common improvements include:
- Removing unnecessary admin rights
- Separating everyday user accounts from admin tasks
- Ensuring leavers lose access promptly
This significantly reduces risk if an account is compromised.
4. Antivirus and Malware Protection
Malware protection must be in place on all devices, not just some. That includes:
- Laptops used at home or on the road
- Shared office devices
On every device, protection must be active and updating.
5. Security Update Management
Unpatched systems remain one of the most common causes of cyber incidents. Cyber Essentials requires:
- Operating systems to be kept up to date
- Security updates to be applied promptly
- Third‑party applications not to be ignored
Why businesses often “almost pass”
Most businesses already meet several of these controls. Problems usually arise from inconsistency:
- One or two laptops aren’t updating
- An old account still has admin access
- Endpoint protection isn’t reporting correctly
This is where structured preparation makes a big difference.
How we help Sussex businesses get it right
As both an MSP and a Cyber Essentials Certification Body, we can:
- Identify the gaps quickly
- Implement the fixes properly
- Guide the assessment without confusion
If you want a fast, practical view of how your business measures up against the five controls, contact us for a Cyber Essentials gap review.