What are the 5 key controls of Cyber Essentials
- 8th May 2017
- Posted by: Mark Dodds
- Category: Security

We’ve recently been covering the importance of cyber security in your organisation. From reducing the risk of valuable data being leaked to avoiding serious fines, cyber security is a hugely discussed topic for businesses. The Government-led scheme – Cyber Essentials – is designed to be a benchmark of cyber security and to develop awareness for businesses. In this blog, we’re going deeper into Cyber Essentials and the 5 key technical controls that a business is assessed on.
What are the 5 key controls?
In quick summary, the 5 controls of Cyber Essentials are:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Boundary Firewalls and Internet Gateways
This control will apply to every business where employees have access to the internet. Internet gateways and firewalls will identify unwanted traffic and prevent it from gaining access to your network, computers, and systems. The controls you need to apply will include changing any default/admin passwords, ensuring firewalls are properly set up, etc.
Secure Configuration
A newly installed computer or piece of software is never properly configured while it is still on its factory settings. This means that if you carried on using a device on its default settings, it would be open to cyber risks. All computers and network devices should be configured to reduce risk. This will include reducing or removing unnecessary software and changing default settings and passwords.
Access Control
A huge number of data and cyber breaches result from the abuse of administrative user accounts in a business. Organisations and businesses should aim to only let certain individuals have special access privileges according to their position and responsibilities. Companies can look to manage this by applying a number of controls, such as having unique usernames and passwords, and keeping all account information in a secure, protected location.
Malware Protection
Where computers and systems are exposed to the internet, they will need to be protected from malware. Malware is a program, or virus, that has been coded with the intent to perform unauthorised actions on one or more computers. Organisations should at a minimum look to protect all computers that are connected to the internet via cable or wireless. Other actions include having up-to-date anti-malware software as well as setting regular scans (daily) to ensure early detection of malware.
Patch Management
As with any software, there are often regular updates released to add more features and improve performance. If there are any vulnerabilities in software that hasn’t been updated, this can become a weak spot that can be used to gain access to networks and computer systems. Organisations and businesses should ensure the following: remove out-of-date software, and ensure all security patches are applied as soon as they are available.
How to get certified
If you are interested in Cyber Essentials but don’t know where to begin, help is at hand. Our Cyber Essentials consultant will assist your business in obtaining Cyber Essentials certification. Getting Cyber Essentials certified will show others that you have taken all the steps needed to optimise your cyber security and vastly reduce the risk of a cyber-attack occurring.
If you’d like to find out more, either call us on 0121 296 2500 or book a 15-minute Zoom meeting with us, which you can do below.