Cyber security

Cyber Essentials Plus: becoming certified

01 February 2023

Bluecube are Cyber Essentials Plus certified, and we can support you in becoming certified too.

What are Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials Plus is a UK Government-backed and industry-supported certification scheme. It was created to help organisations demonstrate they can protect against cyber security threats. There are two types: Cyber Essentials and Cyber Essentials Plus.

  • Cyber Essentials acts as a foundational certificate achieved through self-assessment that determines if a company has the basic controls to mitigate risk from common cyber threats.
  • Cyber Essentials Plus is the highest level of certification achieved under the Government scheme. Organisations that have this will meet the basic requirements and fulfil the self-assessment and will also undergo rigorous technical verification. This is in the form of vulnerability testing, carried out by experts to examine the organisation’s systems in more depth. These tests look to identify if thorough protection is in place from cyber threats including hacking and phishing.
  • 1593257829770
  • What does it mean to be Cyber Essentials certified?

    There are several great reasons to become certified.

    - Cyber Essentials Plus is the highest level of certification offered under the Government scheme. By achieving it, the business is listed within the government registry of certified organisations, which can provide many opportunities and inspire confidence.

    - It is becoming almost impossible to do business offline, especially with hybrid work,  so it is also good practice to have a greater awareness of online security. 

    - By meeting the requirements, an organisation can provide assurances that its cyber security services and systems are highly secure, and this can improve trust with current and future clients.

    The 5 Controls of Cyber Essentials

    Cyber Essentials Plus contains 5 key themes that cover the foundations of effective information security. They are essential to keeping organisations and their systems safe. To achieve a Cyber Essentials certification, the Government require evidence that these 5 technical themes are met by the organisation. Bluecube delivers them as a basis for all cyber security support services.

    Let’s go into some more detail about what they are:


    Firewalls are designed to act as a virtual border between an untrusted network and the network it is protecting. It is a security device that comes in the form of computer hardware or software. They monitor traffic and block unrecognised, unwanted sources from gaining unauthorised access to private data on computers. They can be programmed to specific security rules dependent on the amount of protection needed and the type of systems it is used on.

    It is essential that firewalls are used to ensure that only secure and necessary network services can be accessed from the Internet.

    Secure configuration

    Network devices and computers will often come with pre-installed default configurations and settings. These default installations are not always secure as they have weak points that cybercriminals can use as opportunities to gain unauthorised access to sensitive information easily.

    These vulnerable configurations include unnecessary user accounts and applications.

    The secure configuration ensures the level of risk is reduced and that devices only fulfil their required role. This is done by applying technical controls and security settings, like two-factor authentication, to raise the levels of protection on software and devices and close the vulnerability gaps.

    User access control

    In the workplace, sharing user accounts and passwords with people you trust or are working with a team is often convenient. However, there are reasons administrator rights are only assigned to the authorised user and should not be shared. As they’re shared around, it widens the opportunities for exploitation.

    User access control is used to keep access to data and systems to a minimum by only allowing the authorised user access to settings, accounts, devices, and software to perform the intended role. Minimal levels of access should be granted, and administrative access must be managed effectively.

    Malware protection

    Malware (short for malicious software) refers to the many types of intrusive software, designed specifically to harm devices, software, or networks. It can come in many forms, such as ransomware, computer viruses, worms, adware, botnet software and spyware. Organisations need to protect against malware as cyber criminals can cause a lot of damage with these kinds of attacks. The criminals can design malware to do exactly what they want such as: steal sensitive information, damage or wipe files or lock systems, and demand financial ransom.

    In a world where technology is always growing, changing, and updating, nothing is immune to these kinds of attacks. This makes it even more important to have high-level malware protection in place.

    Patch management

    Phones, tablets, laptops, computers, software… They all require us to update them every so often but how does this affect security? Well, developers and manufacturers will release updates regularly and while you might not notice any visible changes or features, there are vulnerability and security fixes that are implemented with the update.

    The act of updating systems and devices regularly so they are up to date is called patching. You are putting a patch over any vulnerabilities that may arise. Automatic updates and modern replacement of some devices and software are sometimes necessary to stay fully protected.

    What are the benefits?

    • - We can reassure clients that they work hard to secure our and their IT systems, against cyber risk. 
    • - It guards businesses and their clients against the most common cyber threats.
    • - It demonstrates that you have an established overview of our cyber security level.
    • - Highlights you have undergone measures to enhance our security.
    • - Increased trust can be established with clients and employees.
    • - Organisations can be listed on the government registry of certified organisations
    • - Allows us to maintain and gain strong relations with clients who prioritise cyber security as much as we do.
    • - Minimises risks of having to pay extensive fines for data and security breaches. 

    How can Bluecube help you become certified?

    Bluecube is an IASME Certified Body, we can assess and certify other organisations for Cyber Essentials and Cyber Essentials Plus. We are responsible for conducting assessments, reviewing documentation, evaluating cybersecurity controls, and ultimately issuing certifications to organisations that meet the required criteria.

    Bluecube is also ISO 9001:2015, ISO27001:2017 and Cyber Essentials Plus certified, meaning that more than anything, we understand the processes, time, and effort it takes to become certified. We are qualified to assist businesses by providing consultancy so that we can help your organisation with the entire process. We also can offer advice and guidance regarding your current cyber security policies and frameworks. 

    One of the most overwhelming elements of becoming Cyber Essentials certified is that it can take a lot of effort to fulfil the self-assessment questionnaire because it is not as simple as ticking boxes. It will require a business to thoroughly investigate its systems, test them, and rectify any gaps or fixes along the way; it can almost become a full-time job for companies of a certain size. We have qualified consultants to help you assist with this.

    It is worth noting that the assessment processes are complementary, but different, for each certification;

    - Cyber Essentials: A self-assessment questionnaire to thoroughly verify your compliance with each of the 5 controls (boundary firewalls and internet gateways, secure configuration, user access control, malware protection, and patch management). The self-assessment questionnaire is reviewed by Bluecube (an IASME Certifying Body) to verify compliance with the Cyber Essentials requirements.

    - Cyber Essentials Plus:  In addition to the requirements of Cyber Essentials, CE+ includes an independent technical assessment and vulnerability testing by Bluecube. This involves vulnerability scanning and simulated hacking attempts to evaluate the effectiveness of your cybersecurity defences.

    Bluecube can provide the right level of support for your organisation, so talk to us today - we want to make your world more secure.

    Contact us – We take cyber security seriously

    Here at Bluecube, our main priority is keeping our clients safe and secure. Our cyber security services ensure your business is more resilient to cyber-attacks. As ISO27001 and Cyber Essentials Plus certified IT and cyber security providers, you can turn to us. 

    Give our team a call today at 0845 257 8010, or fill out our online enquiry form and one of our team will be in touch soon.