Skip to the content

Cyber Essentials

We provide Cyber Essentials and Cyber Essentials Plus under the IASME consortium, the official government partner
48% of UK businesses have a basic cyber skills gap
A UK small business is successfully hacked every 19 seconds
Around 80% of the most common cyber attacks can be prevented through the implementation of straightforward, affordable measurements that form the Cyber Essentials Scheme.

Show you're serious about cyber

How can you show your customers and prospects that their financial, personal and company data is safe in your hands? With recent government figures revealing that breaches or attacks have been identified in almost a third of UK businesses in the last year, customer concerns about the security of their data has never been higher.

A UK Government Cyber Essentials accreditation provides reassurance that you are taking proactive steps to combat cybercrime. It gives you a clear indication of how well armed you are against cyber threat — and it’s increasingly a mandatory requirement when tendering for new contracts.

Cyber Essentials Packs & Pricing

Cyber Essentials   

This self-assessment process provides a framework for ensuring the five key technical controls (secure internet connection, secure configuration, malware protection, user control and up-to-date devices and software) are correctly in place. Once the survey is completed in the online portal, we’ll audit the documentation. 


Enquire Now

Cyber Essentials Plus

Once you’ve achieved Cyber Essentials, you can progress to Cyber Essentials PLUS certification. It’s a thorough assessment of your organisation and includes a technical review of your infrastructure, with verification carried out by our Cybersecurity specialists remotely. The external vulnerability scan will include patch auditing, malware testing, web/email assessments. 


Enquire Now

The Five Cyber Essential Technical Controls 

Creating a buffer between your IT network and other external networks, a firewall protects your internet connection, analysing incoming traffic to identify whether access should be allowed to your network. 

Cyber Essential Certification Requirement - A firewall must be configured and used on all devices, particularly those connected to public or untrusted Wi-Fi networks. 

Default configurations of new software and devices are set to be as easy as possible to connect and use, which creates vulnerabilities if left unchanged. Settings should be checked, disabling and removing uneccessary functions and services, while default passwords should be updated before deployment. 2FA (Two-factor authentication) should be used for the most data sensitive accounts. 

Cyber Essential Certification Requirement - Only necessary software, accounts and applications are used. 

In allowing access to those — and only those — accounts (software, settings, services and functions) that your people need in their specific job role, the risk of potential damage can be minimised. 

Cyber Essential Certification Requirement - Access to your data must be controlled through user accounts, with controlled administration level privileges given only to your people who specifically need them. 

Malware — including ransomware and viruses — comes from a range of sources, including infected email attachments or USB memory sticks. Anti-malware measures are included within the most popular operating systems. Malware can be introduced to a network when a rogue application is downloaded, so white listing, giving users the ability to install and run only applications authorised by the administrator, offers good protection. Sandboxing, running an application in an environment with restricted access to the rest of your devices and network, helps keep your data beyond the reach of malware. 

Cyber Essential Certification Requirement - At least one approach, anti-malware measures, whitelisting or sandboxing must be implemented. 

Operating systems and applications become vulnerable if they are not up kept to date. In order for patches, whether new features or fixes to security vulnerabilities, to be applied, your operating systems, programmes, phones and apps should be set to "automatically update" where possible. When no longer supported, systems and applications should be considered for replacement. 

Cyber Essential Certification Requirement - Devices, software and apps must be kept up to date. 

Why Chess

Chess are acknowledged experts in the assessment of threat and vulnerabilities in IT estates.  

As a Certification Body for the Cyber Essentials scheme, we’re able to offer the same level of expertise to businesses of all sizes and sectors.   

IASME & CREST Accreditation 

We provide Cyber Essentials and Cyber Essentials Plus under the IASME consortium, the official government partner. We’re also certified by CREST which demands stringent standards, including appropriate levels of quality assurance processes; security controls; security assessment methodologies meeting CREST’s additional qualification criteria; signing of an enforceable Code of Conduct and proven access to technically competent, qualified staff. 


Useful Resources


Cyber Essentials & Cyber Security


Cyber security skills in the UK labour market 2020

Tips Sheet

Cybersecurity Checklist - The Five Basic Controls


5 Top Tips To Keep Your Cloud Secure

Speak to a Product Specialist

You can fill out the form and one of our product specialists will contact you shortly with more information.
To contact our Sales team directly, please call 0344 770 6000 and choose option 4.
Customer Service
For general queries or to report a non-urgent fault, please log a ticket on our customer portal using the email address associated with your account. Logging a ticket is quick and easy to do. Once you have logged your ticket, we will respond within 24 hours or your Service Level Agreement, whichever is quicker.
I agree for my information to be used for marketing communications.
Chess Privacy Notice

By submitting your personal information through this form, you consent to your information being processed in accordance with the Chess group privacy notice.