Read on for a rundown of the Cyber Essentials scheme and get your free Cyber Essentials Checklist.
If your work has had any crossover with the UK government, you will have probably heard the words "Cyber Essentials" mentioned. In 2014, the UK government recognised the enormous risk of cyber-attacks to businesses that worked with them.
They also found that most of these risks were avoidable by following basic security measures. In response to this, they launched the Cyber Essentials scheme.
By ensuring a standard level of cybersecurity across all suppliers, even small businesses without IT teams dedicated to cybersecurity could be protected. In the last few years, SMEs (small and medium enterprises) have suffered increasingly crippling cyber-attacks – many could have been prevented with Cyber Essentials compliance.
Cyber Essentials is precisely that: the standard. Every business should take the necessary actions to ensure comprehensive digital security and protection from threats. The scheme offers SMEs two certification standards to choose from: Cyber Essentials and Cyber Essentials Plus.
Earning a certification proves a commitment to cyber safety to business partners and customers. Let’s take a closer look at the Cyber Essentials scheme as a whole and explain the difference between the two certifications.
The certification process is the first step to cyber security in the UK. It explains and outlines the security controls organisations must have to protect their data.
The scheme assesses your business on five security controls:
Once you have these basic controls in place, you must fill out a Cyber Essentials questionnaire confirming that you have met the conditions. You then send the questionnaire for review by the certification body.
While Cyber Essentials Plus has exactly the same requirements as Cyber Essentials (all five security controls in place), there are a couple of differences.
Cyber Essentials Plus includes an independent assessment that a licensed auditor carries out. After completing the self-assessment, an auditor will come to your location or remotely access your network. They will check for issues and ensure your assessment is correct. The check includes:
The certification that you aim for depends on your business’ circumstances. Cyber Essentials certification is a solid starting point that shows that you care about data protection. If you hold any sensitive data, you should consider getting the Plus certification.
If you’re unsure, start with Cyber Essentials, and you can always add the Plus version further down the line. However, be aware that to achieve Cyber Essentials Plus, you must have completed Cyber Essentials within the last three months.
Cyber Essentials certification is an investment in the future and security of your business. We want to make it easy to see what steps you need to take to be Cyber Essentials compliant. Download our Cyber Essentials checklist and our Cyber Essentials Plus checklist.
Download Cyber Essentials Checklist: https://www.airit.co.uk/wp-content/uploads/2025/02/AirSec-Cyber-Essentials-Checklist.pdf
Download CE PLUS Checklist: https://www.airit.co.uk/wp-content/uploads/2025/02/CE-Plus-audit-checklist.pdf
Air IT can help you every step of your Cyber Security journey. We’ll conduct a Cyber Essentials gap analysis to help you decide what actions your business should take. We’ll audit your security controls and train your team in Security Awareness. As a fully trained and licensed Certification Body, we’ll help you implement and achieve the Cyber Essentials and Cyber Essentials PLUS certifications.