Cyber Essentials can help small businesses prepare for cybersecurity

Posted by John Kennedy on Dec 22, 2019 9:12:30 PM

Cybersecurity attacks can cripple small businesses that aren't prepared. There are a lot of threat actors out there as firms become increasingly reliant on technology, making themselves vulnerable to malicious cyber attacks.

It requires expertise to protect a business properly. Unfortunately, small businesses struggle to afford a full-time security professional and are at risk of being breached, either through a lack of awareness or from taking no action to address threats.

Over the last few years, scams and cyber-attacks have become far too commonplace for businesses in the UK and at the same time the use of mobile devices and cloud services has exacerbated an already high threat level.

When it comes to cyber crime, small businesses are not exempt from the disruption and the consequences of attacks that make the headlines with larger organisations from the NHS to British Airways. 

Small businesses (SMBs)

If anything, smaller businesses can be deemed more vulnerable, perceived as a softer target because of a lack of resources, an absence of security policies and security awareness, and low investment in their cyber defences.

According to the Cyber Security Breaches Survey 2019, 78% now see cybersecurity as a high priority. However, only 15% of small businesses have a formal cyber incident management process. 

Often the root cause of a cyber-attack is an email: a user opens something malicious and allows it access to a business application or their work environment.

What a lot of businesses don't realise is that the impact of a data breach can take them completely offline. They then have to address not only a loss of productivity but also how it impacts their clients' data. A lot of businesses suffer the consequences of not having a proper incident response plan in place to deal with a cyber attack.

According to the Business Population Estimates conducted by the UK Government, almost half (43%) of British SMBs admit to having no business continuity, disaster recovery or crisis management plans in place, despite almost the same number of UK businesses (46%) suffering at least one cyber security breach or attack. They are clearly not prepared to manage the consequences of an attack.

A lot of small businesses may feel that they're not on a cyber-attacker's radar. They don't feel that their business is large enough or that their data is sensitive enough to justify the effort to secure their infrastructure and put a robust defence in place. This is an ideal situation for the cyber-criminal: they're hoping you're not making security a priority so that they can trigger a ransomware attack or make an attempt to steal your data.

A KPMG survey suggests that only 23% of small businesses prioritise cybersecurity as a top concern. This is despite 60% of small businesses having experienced a cyber breach that led to brand damage and loss of clients.

For SMBs, the UK Government is helping by providing a range of standards and guidelines, the most useful of which is Cyber Essentials.

What is Cyber Essentials?

Cyber Essentials is a UK Government-backed scheme that aims to show organisations how to protect themselves and prevent the most common cyber attacks.

Cyber Essentials claim that they can help eliminate the risk of 80% of cyber attacks and the standard provides effective guidelines for businesses to follow.

Organisations that achieve Cyber Essentials have reduced the vulnerability of their business by meeting the accredited government standards.

The primary aim of this scheme is to motivate and guide organisations to adopt the best cybersecurity practices against the most common cyber threats.

Not every organisation has the time needed to develop a full-on approach to cybersecurity. So the Cyber Essentials scheme has been designed to fit with the level of commitment an organisation is able to sustain.

If as an organisation you need more certainty on how you apply cybersecurity, you can obtain basic or entry level Cyber Essentials.

For those organisations who need to take their cybersecurity up to a higher level, you can go for Cyber Essentials Plus certification.

The Cyber Essentials scheme addresses the most common Internet-based threats to cybersecurity and considers these threats to be:


Malware

Malware (i.e. ‘malicious software’) refers to harmful programs and software that allow hackers to access or destroy data on an infected system. Email is the most common method used to deliver malware: a recent estimate is that 80-90% of ransomware attacks, for example, come via email.


Phishing

Similar to malware, phishing involves tricking a user into clicking loaded links to acquire information such as passwords, by posing as someone legitimate or as an organisation or brand familiar to that person. It can be conducted via a text message, social media or by phone, but most people use the term 'phishing' to describe attacks delivered by email.

Password guessing

One of the most common ways for a business to be hacked or breached is from attempts to steal an employee’s password to log into a secure system and steal that person's identity. 

Benefits of Cyber Essentials for SMBs

The Cyber Essentials scheme is not covered by binding regulation; instead, it offers organisations and businesses a means to demonstrate their commitment towards addressing cybersecurity by achieving an accredited and registered certification standard.

By adhering to the standards Cyber Essentials can offer SMBs:

  • According to Hiscox, almost one in three (30%) UK small businesses suffered a cyber breach last year – equivalent to over 4,500 successful attacks per day or one every 19 seconds.
  • The rise in awareness of the financial consequences of a cyber attack has seen an increased demand for evidence that your business takes its responsibilities seriously and invests in cyber protection.
  • Cyber Essentials is an increasingly important certification to achieve for businesses and organisations of all sizes in the UK.
  • Cyber Essentials reassures customers that you are working to secure your IT and your clients' data against cyberattacks.
  • For smaller businesses with little or no IT support or expertise, it provides a basic first step towards cybersecurity and can help build a relationship with a trusted IT supplier.

Next steps

Cyber Essentials is just one step of the journey towards securing your organisation against cyber attacks. As an outside provider, Worktools can do initial security assessments and ensure that everything is secure, both locally and through remote access.

We can also help create your cybersecurity plan so you know how to prepare and if necessary respond to an incident.

Take a tour of the Worktools Plans, and contact us to learn more about how we can help take your business to the next level.
