Cyber Essentials Certification: Small Business Guide (2025)
What is Cyber Essentials?
Cyber Essentials is a UK Government-backed scheme that helps protect small businesses from common cyber threats. It focuses on five key security controls :
- Access control
- Secure configuration
- Patch management (updates)
- Malware protection
- Firewalls & internet gateways
By getting certified, you reduce risk, build customer trust, and often qualify for tenders and free cyber insurance (up to £25k) .
Why get certified?
- Blocks up to 80% of common cyber-attacks
- Builds trust with customers & partners
- Often required for public sector contracts
- May lower insurance costs
- Gives peace of mind for business owners
What’s new in 2025?
- Remote & hybrid work covered – all laptops, tablets, and mobiles must comply
- Multi-factor authentication (MFA) – now mandatory
- All endpoint devices included – not just servers
- Fast patching – critical updates within 14 days
- Work/personal account separation – keep business accounts secure
Cyber Essentials Checklist ✅
Before you start, make sure you can say “yes” to these questions:
- Do all staff have individual logins and strong passwords + MFA?
- Are unused accounts/apps removed and devices securely configured?
- Are updates installed automatically and high-risk patches applied within 14 days?
- Is anti-virus/malware protection/EDR installed on all devices?
- Are firewalls enabled on routers, laptops, and desktops?
- Do you have a list of all devices and software used in your business?
- Are work accounts separate from personal use?
How to get certified
Cyber Essentials is a self-assessment , but small business owners often save time and stress by using an IT partner.
At FOS.net IT , we’ve built a simple process for small businesses:
- Templates to speed up your answers
- Hands-on help with remediation tasks
- End-to-end support until you’re certified
📩 Ready to protect your business?
Get in touch and we’ll guide you through certification step by step.