Cyber Essentials Certification & Accreditation

Cyber Essentials certification, consultancy and support for the UK Government-recognised IT security standard, helping businesses in London strengthen their defences and achieve compliance.

Speak to a Cyber Essentials expert

Providing Cyber Essentials certification to businesses across London

Show your commitment to IT security by achieving or renewing your Cyber Essentials or Cyber Essentials Plus certification. Our experienced Cyber Essentials consultants help businesses across London and Greater London meet necessary security standards. Our Cyber Essentials services will ensure your IT systems are compliant, providing a streamlined path to certification whilst enhancing your organisation’s protection against cyber threats.

IT support Laura-devine

The Final Step provides a professional, user-friendly, solutions-focused service. I have recommended the company to many contacts.

Laura Devine - Managing Partner, Laura Devine Immigration

City of London, London

IT Support company peter-martin-intermusica

TFS’s philosophy of building long-term working relationships is evident throughout. They care about partnership rather than just short-term transactions.

Peter Martin - Director, Intermusica

Westminster, London

The Final Step did a really fantastic job. We are a highly demanding client and have very specific requirements. Throughout the whole process, TFS maintained a methodical, thorough approach which has resulted in a first-class set-up which supports us perfectly.

Mark McDerment - Finance Director

London

We have used The Final Step as our IT support for nearly a year and a half and we couldn’t be happier with the level of service that they provide. They have helped to massively transform our IT infrastructure, enabling us to tighten our security as well as seamlessly moving us to cloud-based working.

Nicola Creighton - Office Manager, Fox Rodney Search

City of London, London

What is Cyber Essentials certification?

Cyber Essentials

Cyber Essentials is a UK Government-backed certification designed to help organisations protect themselves against common cyber threats. This scheme establishes a set of essential IT security controls that organisations of all sizes can implement to safeguard their systems and data. By achieving Cyber Essentials certification, businesses demonstrate their commitment to cyber security, enhancing trust with customers and partners.

 

Certification levels

There are two levels of Cyber Essentials certification: Cyber Essentials and Cyber Essentials Plus. The basic Cyber Essentials certification focuses on foundational security controls, while Cyber Essentials Plus accreditation requires more rigorous testing, such as audits and internal and external vulnerability scanning. This tiered approach allows organisations to choose the level of assurance that best fits their needs and risk profile.

 

Importance

Cyber Essentials certification is increasingly becoming a requirement for public sector contracts and is recognised across various industries. Many organisations now mandate this certification to ensure that their suppliers and partners adhere to essential cyber security practices. By obtaining Cyber Essentials, businesses not only comply with regulations but also position themselves as responsible and secure companies to do business with.

 

Key benefits

The benefits of Cyber Essentials are significant. Organisations that achieve certification often experience an enhanced security posture, reducing the risk of cyber incidents. Additionally, it strengthens their reputation, showing clients and stakeholders that they prioritise cyber security. There are also potential insurance benefits, as many insurers offer lower premiums to certified organisations, recognising their commitment to mitigating risks.

What does Cyber Essentials cover?

Achieving either Cyber Essentials or Cyber Essentials Plus accreditation not only helps protect your organisation from cyber threats but also demonstrates your commitment to cyber security. This can enhance your reputation with clients and partners and is often a requirement for bidding on government contracts.

Firewalls & Routers

Cyber Essentials Basic

1 Firewall

These are essential for blocking unauthorised access to your network.

Read more
Properly configured firewalls and routers act as barriers between your internal systems and external threats.

Secure Configuration

Cyber Essentials Basic

2 Secure Configuration

Ensuring that all systems and applications are set up securely is crucial.

Read more
Default settings are often not secure, so it’s important to configure them according to security best practices.

Access Control

Cyber Essentials Basic

3 Access Control

Implementing strict access controls ensures that only authorised users can access sensitive data and systems.

Read more
This includes effectively managing user accounts and permissions.

Malware Protection

Cyber Essentials Basic

SIEM icon

Organisations must have measures in place to detect and prevent malware attacks.

Read more
This includes using anti-virus software and ensuring it is regularly updated.

Security Update Management

Cyber Essentials Basic

5 Updates

Keeping software and systems up to date is vital for protecting against vulnerabilities.

Read more
Regular updates and patches help close security gaps that could be exploited by attackers.

Third Party Assessment

Cyber Essentials Plus

6 Third Party

An authorised third-party certifying body conducts assessments to ensure all end-user devices meet security standards.

Read more
This includes testing machines to confirm they are securely configured and compliant with Cyber Essentials Plus requirements.

Vulnerability Testing

Cyber Essentials Plus

Pen Test icon

This involves scanning your systems for known vulnerabilities that could be exploited by attackers.

Read more
The testing helps identify weaknesses in your security posture, allowing them to be addressed proactively.
 
Once undertaken, we receive a remediation report so we can fix any issues.

Further Technical Verification

Cyber Essentials Plus

8 Further verification

This comprehensive verification process includes checks on various security aspects, such as:

Read more
1. Anti-virus: Ensuring that effective anti-virus solutions are in place and regularly updated.
 
2. External gateways: Assessing the security of your external IP addresses to prevent unauthorised access.

3. Firewall settings: An in-depth review of firewall configurations to ensure they are optimal for protecting your network.

4. Mobile phones: Ensuring that mobile devices adhere to security policies.

5. MFA: Confirming that multi-factor authentication is implemented for cloud admin accounts to enhance security.

Why choose The Final Step as your Cyber Essentials consultants?

Meet the standard and verify it

We are Cyber Essentials experts and for many years have helped businesses in London implement the UK Government’s continually-updated baseline standard for cyber security. We partner with external auditors who verify our work before IASME certify it. In effect, we don’t mark our own homework but it is double-checked by our partners before we hand it in, inspiring confidence.

Protect your organisation against basic threats

Cyber Essentials is designed to address the most fundamental 80% of risks that organisations face. Setting that baseline helps keep you safe.

 

Protect your organisation against advanced threats

Cyber Essentials is not a fix for all security concerns. It doesn’t address the final 20% of risks. But whilst the standard stops there, we don’t. Good cyber security is about layers of security. Our risk assessment process, prioritising your most relevant risks and planning to mitigate them, means that Cyber Essentials plays just one part in a wider, more secure cyber security strategy.

 

Good security. Not for one day, but for all year

Cyber Essentials is a snapshot in time. Like an MOT, it shows your security meets the standard on a given date. But technology has many moving parts and your secure status will drift over time. That’s why you have to re-certify annually. However, we have a range of services you can add that monitor, maintain and intervene when your security is threatened.

 

Continuous improvement in the right areas, at the right time

Cyber Essentials is just one part of cyber security and, in turn, cyber security is just one part of managing your overall IT. Most businesses can’t afford to do everything all at once. Cyber security and your wider IT need to evolve over time. We have a proven process and track record of ensuring IT is at the service of the business.

 

Spend wisely and save money

Part of well-informed risk mitigation is about spending wisely. Cyber Essentials is an investment in your reputation as much as your technical measures. It’s worth bearing in mind that 50% of UK businesses reported cyber attacks or security breaches between April 2023 and April 2024, with just one data breach costing UK businesses an average of £2.93 million. No security measure can remove all your risk; being proactive and having a robust business continuity and disaster recovery process is crucial.

Partnered with and certified by the best

Free consultation on Cyber Essentials certification.

IASME’s freely available online directory of organisations certified in Cyber Essentials is becoming a frequently used tool for due diligence and benchmarking. Get in touch with us for a free 30 minute consultation if you would like to certify your standards and maintain them.