Remote Support
Cyber Security

How to get Cyber Essentials Certification

29 Mar 2022
Author: Sarah G

We talk a lot about the danger of ‘sophisticated’ cyber-attacks by menacing threat actors who are smarter than you and I, but the fact is, the vast majority of cyber-attacks are very basic in nature, carried out by relatively unskilled individuals.

So, why is it that businesses are still being caught out by the most simple of tactics? Often it’s because, up to the point they’re attacked, they don’t sense any danger. So, they continue to leave the key under the mat.

The government-backed Cyber Essentials scheme is designed to help firms point out where they’ve left open a window.

Is Cyber Essentials certification worth it?


Not only will it help shore up your IT infrastructure, identifying and dealing with any vulnerabilities, it can bring more business to your door.

Having certified cyber security gives your customers some reassurance that you’re doing everything to secure your systems (and their data) from threat actors.

Business partners, too, will be pleased to see you’ve put adequate cyber security measures in place.

Some government contracts even require you to have Cyber Essentials certification, so if you’re looking to tender any time soon, then it’s best to get certified as soon as possible.

Plus, don’t you just want the peace of mind that you’re protected against the vast majority of common cyber-attacks?

Completing the self-assessment questionnaire

Cyber Essentials certification is achieved through a self-assessment process. Once you’ve ordered and paid for Cyber Essentials, you have three months to complete the application online.

You don’t have to complete it in one go – you can save your progress at any point and return to it at a later date. But the questionnaire itself should only take you a couple of hours to complete, all in.

Most companies get their application in within a week or so. However, it depends on the state of your IT security. If the assessment flags up any gaps, you will need to get these plugged before you move on to the next question. 

Our team at Nebula can help you with this.

In fact, if you’d prefer, we can carry out an assessment of your IT infrastructure before you complete the Cyber Essentials questionnaire and make any necessary adjustments. Then, when it comes to the questionnaire, you can just give everything a big tick!

Cyber Essentials covers:

·         Firewalls and routers

·         Software updates

·         Malware protection

·         Access control

·         Secure configuration

Upgrading to Cyber Essentials Plus

While you’re at it, why not go the whole hog and bulletproof your firm’s cyber security. Cyber Essentials Plus is a more rigorous test of your organisation’s cyber security systems, ensuring that it’s fully protected against hacking and phishing attacks.

Even the most sophisticated threat actors won’t be able to touch your business. They probably won’t even try.

To get Cyber Essentials Plus certification, you need to go through a technical audit, including a series of internal vulnerability scans and an on-site assessment.

One of our assessors will ask to inspect a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users.

Of course, you’ll want to make sure your systems are up to inspection before we come by, but don’t worry – even if any of your systems aren’t yet up to speed, we’ll ensure that they’re updated and sorted to guarantee that you pass your Cyber Essentials first time!

We’ll work through each device and ensure they’re up to date and patched prior to testing. Although our assessor will only inspect around 10% of your devices, there’s no telling which ones they’ll be.

Having removed any device-related vulnerabilities, we’ll then work with you to ensure you have policies in place to make sure checks are made throughout the year. You don’t want all that hard work achieving certification to be in vain! 

Once you’ve received Cyber Essentials or Cyber Essentials Plus certification, your organisation will be listed on the National Cyber Security Centre website. As much as anything else, this tells cyber-criminals not to bother trying it on with your systems.

Ready to get Cyber Essentials certification? Get in touch today.

Alternatively, give us a call on 01454 534 009, or email us at

Nebula can carry out thorough audits to establish what measures you have in place and where you are vulnerable, then devise an action plan to secure your business. This both keeps you safe, and ensures that you’re Cyber Essentials ready.

Are you receiving great IT?

A great IT provider will help accelerate your business growth, maximise opportunities and understand your company ethos. If you feel you're not getting maximum value from your IT provider, it could be time to switch.