If you’re a small business aiming to achieve Cyber Essentials certification, you’re already taking a proactive step towards safeguarding your organisation. While the process can feel a little daunting at first, knowing where potential stumbling blocks lie can make your journey much smoother.
Here are some practical tips to help you get ahead and stay on track.
Read the Cyber Essentials Requirements Early
Before you dive in, we highly recommend reviewing the Cyber Essentials Requirements for IT Infrastructure v3.2. This official guide from the National Cyber Security Centre (NCSC) outlines the five key technical controls you need to meet:
- Firewalls
- Secure Configuration
- User Access Control
- Malware Protection
- Security Update Management
Understanding these controls early gives you a clear sense of what’s required, allowing you to map out key remediation tasks and avoid last-minute surprises.
If you’re unsure where to begin, our Cyber Essentials Gap Analysis is a great way to assess your current security posture and highlight areas for improvement.
Change Default Router and Firewall Passwords (Firewalls)
Still using the default password on your router or firewall? It’s time to change that. Default credentials are a known target for cyber attackers, and leaving them unchanged is like leaving your front door unlocked.
If you’re using a software firewall as a network boundary, make sure to update the local administrator password too. These small changes make a big difference in protecting your systems.
Turn Off AutoPlay (Secure Configuration)
AutoPlay may sound convenient, but it can be a security headache. It allows software from external media (like USB drives) or downloads to run automatically—without your permission.
To turn off AutoPlay in Windows 11:
- Open Settings
- Select Bluetooth & Devices
- Click AutoPlay
- Toggle the switch to turn AutoPlay off
Disabling AutoPlay reduces the risk of malicious software running without your knowledge, giving you better control over your devices.
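To confirm the setting on more than one machine or user profile, the check can be scripted. The PowerShell below is an added example, not part of the original article or any NCSC tooling: it reports whether AutoPlay is off for the signed-in user and whether a "Turn off AutoPlay" policy is in place. The function names are hypothetical, and the registry locations are assumptions based on standard Windows behaviour. The Settings switch is stored per user, so run it once for each account.

```powershell
# Added example: read-only AutoPlay audit for the current user and machine.
# Registry paths below are assumptions (standard Windows locations), not from the article.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-AutoPlayStatus {
    # Per-user switch written by Settings > Bluetooth & devices > AutoPlay (1 = off).
    $toggle = Get-RegValue `
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers' `
        'DisableAutoplay'

    # "Turn off AutoPlay" policy value; 255 (0xFF) covers every drive type.
    $policyKey     = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $machinePolicy = Get-RegValue "HKLM:\$policyKey" 'NoDriveTypeAutoRun'
    $userPolicy    = Get-RegValue "HKCU:\$policyKey" 'NoDriveTypeAutoRun'

    $offByToggle = ($toggle -eq 1)
    $offByPolicy = ($machinePolicy -eq 255) -or ($userPolicy -eq 255)

    # A policy value other than 255 only blocks some drive types, so flag it for review.
    $partial = (-not $offByPolicy) -and
               (($null -ne $machinePolicy) -or ($null -ne $userPolicy))

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        User            = $env:USERNAME
        UserToggleOff   = $offByToggle
        PolicyOff       = $offByPolicy
        PartialPolicy   = $partial
        MachinePolicy   = $machinePolicy
        UserPolicy      = $userPolicy
        AutoPlayOff     = $offByToggle -or $offByPolicy
    }
}

# Anything with AutoPlayOff = False still needs the steps above applied.
Get-AutoPlayStatus | Format-List
```

A missing `DisableAutoplay` value means the switch has never been changed for that user, which leaves AutoPlay at its default of on.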
Always Use Multi-Factor Authentication (MFA) (Secure Configuration)
Passwords alone aren’t enough anymore. For any cloud services—especially those accessible from the internet—Multi-Factor Authentication (MFA) is not just a good idea; it’s a requirement for Cyber Essentials.
MFA adds an extra layer of security by requiring a second form of verification (like a code sent to your phone). Be sure to enable MFA for:
- Cloud-based accounts
- Administrative accounts
If it’s available, use it. It’s one of the simplest and most effective ways to protect against unauthorised access.
Enable Automatic Updates (Security Update Management)
When software vulnerabilities are discovered, cyber attackers move quickly to exploit them. That’s why Cyber Essentials requires all high and critical updates to be applied within 14 days of release.
To stay compliant—and safe—make sure automatic updates are enabled for:
- Operating systems
- Software
- Web browsers
Regular updates ensure your systems aren’t left exposed to known threats. It’s a simple but powerful way to maintain strong cyber defences.
Separate Admin and User Accounts (Administrative Accounts)
Administrator accounts have elevated privileges, which makes them an attractive target for cybercriminals. Using an admin account for everyday tasks like checking emails or browsing the internet increases your risk.
Best practice? Use separate accounts for administrative tasks and daily use. Encourage your team to:
- Perform everyday tasks as a standard user
- Use admin accounts only when necessary (e.g., installing software)
This reduces the chance of a compromised account giving attackers free rein over your systems. Need help setting this up? Check out the Windows 11 account separation guide.
For additional resources to support your CE journey, check out the IASME Knowledge Hub, which offers comprehensive guidance to help you navigate the certification process. You can also use the IASME Readiness Tool to assess your preparedness before starting the application. And to familiarise yourself with the specific questions you’ll encounter, download the Self-Assessment Questionnaire for free.
Make Cyber Essentials Simple with Evolve North
At Evolve North, we understand that tackling Cyber Essentials can feel overwhelming—but it doesn’t have to be. Our Cyber Essentials Gap Analysis is designed to give you a clear picture of your current security posture and highlight the steps needed to achieve certification.
By addressing these key areas early, you can streamline the process, reduce stress, and confidently move toward a stronger, more secure organisation.
Want to know more? Get in touch with our expert team today at 01748 905 002 or info@evolvenorth.com. We’re here to make Cyber Essentials achievable and to help you stay protected.