Additional guidance information
About Asset Management
Know what you have, where it is and who is in charge of it . Asset management creates the foundation on which to build all of your other security features In a similar vein to backing up data, asset management isn’t a specific Cyber Essentials control, but it is a...
How and where to buy software
About malwareWhat is malware? Malware is short for malicious software, which is software that is designed to cause harm by disrupting, damaging or gaining access to a computer, without the owner's knowledge. Malware typically consists of code developed by cyber...
About VPNs
About VPNsWhat is a VPN? A virtual private network is a technology that allows a secure and private connection on the internet. Why do I need a secure and private connection on the internet? A regular internet connection is at risk of being tracked, intercepted and...
Guidance to BYOD
Guidance on Bring Your Own Device (BYOD)What is Bring Your Own Device? Bring Your Own Device (BYOD) is a widespread term for when a company allows employees to use their own laptops, tablets or phones for work purposes. In addition to mobile or remote devices owned...
About remote/home working
About remote / home workingWhat is remote or home working? Remote working is the practice of an employee working at their home, or in some other place that is not an organisation's usual place of business. Anyone working from home for any amount of time is classified...
The value of passwords
The value of passwords and how to strengthen your access controlPassword fatigue A password is the access key to almost every digital device and online account you use. In today's digital world, the average person has between 70-130 online accounts that require...
Applying MFA to access cloud services
Applying MFA to access cloud servicesA guide to using multi-factor authentication (MFA) to secure your cloud services. Organisations access their data and services hosted in the cloud over an internet connection. If access control to that information is not secure, it...
Applying the five controls to cloud services
Applying the five controls to cloud servicesWhat are cloud services? Different components of computing are available to users remotely over the internet and payable on demand or by subscription. Cloud services is the collective name for these externally managed...
About Virtualisation
About virtualisationWhat is virtualisation? Many organisations today use virtual servers (VS) and virtual machines (VM). Many employees log onto virtual desktops which allows them to use any device from any location to access the desk top they use for work. To the...
About scope for schools
The scope of your network defines what will and won’t be covered by the Cyber Essentials assessment.
About size of your school
About size of your school What is the size of your school or college? This question applies to the size of the organisation that you are presenting for certification. That might be just one school, or it might be a Multi-Academy Trust (MAT). For the purposes of the...
About 2 factor authentication
About 2 factor authenticationTwo-factor authentication, or 2FA as it’s commonly abbreviated to, adds an extra step to your basic log-in procedure for one of your online accounts. Without 2FA, you enter in your username and password, and then you’re done. The password...
About the cloud
About the cloudThe cloud is a term used for a series of remote access services that exist on the internet. When you access services or store information in the cloud, they are not located on your own personal device (e.g. the hard drive on your laptop, your phone or...
About phishing
About phishingLike many cyber attacks, phishing targets many people at the same time, but what is unique to phishing is that the attacker seeks to trick or con their victims into revealing sensitive information. This may take the form of an email, where the cyber...
About accounts
About accountsPeople who work in offices, or who share their computers, may already be familiar with separate user accounts on their computers. Separate accounts ensure accurate authentication and accountability. How else can you track and control who accesses the...
About scope of evaluation
About scope of evaluation The scope of your evaluation Cyber Essentials is suitable for businesses of all sizes Certifying your whole organisation Certifying only part of your organisation Boundary of scope IT equipment that does not connect to the internet Home...
About malware
About malware What is malware? How does malware get onto my device? Protect your laptops, servers and desk top computers with malware protection software Protect mobile devices Manufacturer approved software What is malware? Malware is short for malicious software,...
Removing unnecessary software
Removing unnecessary softwareSupported software Any type of software that you have installed on your computer device will at some point require updating. There are several reasons why software may need to be updated. When manufacturers create and release software,...
About password creation
About password creationPasswords are important Just think for a minute of your front door key. How many different doors does this key open? Would you be happy using a universal key to get into your house? Passwords are just like that unique key, they are an effective...
About routers
About routersAbout networks and routers A network is a collection of devices that can communicate with each other. A network can vary in size and complexity; it can range from something as small as your 'home network' – all the devices you have connected to your WIFI...