Critical Security NOT Included in Cyber-Essentials

Integral IT - Critical Security NOT Included In Cyber-Essentials


Cyber Essentials is a fantastic way to start your business on its cyber security journey. However, some key factors are missing from the Cyber Essentials framework. Cyber Essentials is just that, the essentials. It covers only the bare minimum that your business should have in place to protect against cyber-attacks. If your business passes the Cyber Essentials testing, that does not mean that your company is sufficiently protected from hackers. You should be doing a lot more to keep your data safe. Although Cyber Essentials is a positive scheme, we believe a few more things should be included in the framework as they are also ‘essential’, such as:
  • Backup and Recovery
  • Two-Factor Authentication
  • Cyber Awareness Training
  • Email Security

Backup and Recovery

Backing up data is a crucial step when it comes to cyber security. If your business suffered a cyber-attack without a backup, the hacker could easily encrypt all of your data, leaving you unable to get it back. Without a backup, recovery from a cyber-attack is not possible. Yet backup is not a mandatory part of Cyber Essentials. It is only advised, and until January 2022, it wasn’t even mentioned. Backup being ‘advisory’ isn’t enough, and everyone should be doing it.

Two-Factor Authentication

If you have access to two-factor authentication on your cloud login, you could reduce your chances of being hacked by 99.9%, according to, if you activate it. So surely this is counted as a cyber essential? Unfortunately, it is not, in fact, a part of the scheme’s framework, and two-factor authentication isn’t going to be a mandatory requirement until January 2023. At this point, only administrators are required to have two-factor authentication turned on. We recommend using two-factor authentication whenever possible, especially on your cloud services such as Microsoft 365.

Cyber Awareness Training

Your business’s security is only as strong as your weakest team member’s security. If your employees are not trained in Cyber Awareness, this puts your business at massive risk of a successful attack. They should all know how to spot a cybercrime attempt via email and be able to handle scam calls, to reduce the risk of them falling victim to a hacker. Otherwise, they are putting the whole business in danger.

Email Security

Many cyber-attacks begin via email. So what happens when a well-hidden dodgy email slips through? Hackers can trick many people into entering their data and account details where they can be stolen, or into clicking on links that cause malware to infect the computer. Having a secure email system will only stop the majority of scam emails, not all of them, so it is down to the people whose inboxes they land in to be able to spot them and know how to deal with them. This can be achieved via Cyber Awareness Training.

Cyber Essentials is a great scheme that will undoubtedly help many businesses become much more secure. However, more actions should be taken to ensure security for your business and prevent cyber-attacks.
