Hi—can you explain Cyber Essentials and help me get started?
Absolutely. Cyber Essentials is a UK government-backed certification that shows you’ve got key cyber controls in place. It focuses on five areas:
- Firewalls & internet gateways
- Secure configuration
- User access control
- Malware protection
- Patch management
At Cyber Scout we can guide you through scoping, evidence gathering, and completing the questionnaire (and Plus if you want the hands-on audit). To get you started, can I ask a few quick questions about your organisation?
Yes please. We’re a small company and want it mainly for supplier requirements.
Perfect—supplier requirements is a common driver. A few scoping questions so we point you at the right level:
- How many staff (roughly), and do you have many remote workers?
- Do you use Microsoft 365/Google Workspace, or on-prem email/files?
- Do you have an internal IT person/provider?
- Any servers or everything cloud-based?
- Do you think you’ll need Cyber Essentials Plus, or is standard certification OK for now?
If you’re not sure on any, just say “unknown” and we’ll fill gaps on a call.
We’re 28 people, mostly hybrid. Microsoft 365. We use an MSP for IT. No on-prem servers, just laptops and a couple of shared printers. Not sure about Plus.
Thanks—sounds like a straightforward Cyber Essentials scope. Given you’re cloud-first with an MSP, the key pieces are usually device setup (patching, malware protection), MFA, admin access, and making sure any “non-standard” devices (printers, routers) are included correctly.
Quick clarifiers:
- Devices: roughly how many Windows/Mac laptops?
- Mobiles: do staff access email on personal phones (BYOD)?
- MFA: is multi-factor enabled for Microsoft 365 for all users?
Then I can recommend standard vs Plus and line up an intro call.
About 30 Windows laptops. People use personal iPhones for email. MFA is on for most but I’m not 100% sure it’s enforced for everyone.
Got it. The BYOD email access and “mostly” MFA are the two areas we’d want to tighten up early—both are very manageable.
On Plus vs standard:
- Standard: self-assessment questionnaire (we help you complete it and get evidence in order).
- Plus: includes an independent technical check (device/user config sampling). Some suppliers prefer this because it’s verified.
If you tell me the supplier’s wording (e.g., “Cyber Essentials” vs “Cyber Essentials Plus”), we can be definitive.
Would you like to book a 20-minute intro call with a consultant? I can offer:
- Tue 11:30
- Wed 15:00
- Thu 09:30
Let’s do Wed 15:00. And the supplier just said “Cyber Essentials certification”.
Perfect—I’ll book you in for Wed 15:00 for a 20-minute Cyber Essentials intro with a Cyber Scout consultant.
Before I lock it in, can you share:
- Name
- Company name
- Email address (for the calendar invite)
Based on the supplier wording, standard Cyber Essentials is likely sufficient, but we’ll confirm on the call and outline the quickest route to certification.
