Everything you need to know about the Cyber Essentials scheme: ReformIT expert insight

With the government’s National Cyber Security Centre set to update the Cyber Essentials scheme in January 2022, IT support specialist ReformIT explains why it should be at the top of businesses’ digital to-do list.

From Monday 24 January 2022, the government’s National Cyber Security Centre will introduce an updated set of requirements for the Cyber Essentials scheme – its biggest overhaul since it was launched in 2014.

With the updated scheme setting a new baseline standard for best practice in cyber security, SoGlos spoke to cyber expert, Neil Smith from ReformIT, to find out why businesses should be putting Cyber Essentials at the top of their digital agenda in 2022.


About the expert – Neil Smith, founder and managing director of ReformIT

Neil Smith

Neil Smith is the founder and managing director of ReformIT, a nationwide IT support specialist, headquartered in Cheltenham. Its skilled technicians can advise on all IT matters, from security, software and cloud solutions, to IT support and managed services, such as VoIP telephone services and website hosting.

ReformIT is a small business specialist, Microsoft Silver partner and Microsoft Office 365 consultant that also provides a customised range of managed IT services for business. From a full out-sourced IT department to third-line support and project management, the firm can customise its service to suit a range of requirements.

For more information, visit reformit.co.uk.


What is the Cyber Essentials scheme?

Cyber Essentials is the digital standard that the government wants all businesses to align themselves with, demonstrating that they are meeting at least the minimum cyber security requirements.

It covers everything a business should have or be aware of when it comes to IT security to keep their business safe, secure and operational. As a managed IT firm, this is our yard stick – we go by Cyber Essentials to ensure we’re looking after our clients in the best possible way.


Why is it suddenly in the news again?

The UK’s digital economy has changed enormously and the government is set to make some changes to Cyber Essentials to reflect this from Monday 24 January 2022.

Importantly, the new standards will mean all cloud services will now be within the scope of Cyber Essentials for the first time – cloud services meaning infrastructure, platforms, or software that is hosted by third-party providers and made available to users through the internet.


Why the emphasis on ‘the cloud’?

An increasing number of firms have moved and are moving their back-office and digital platforms to the cloud – to service providers. Cyber Essentials will map out what they need to consider to make sure they are in safe hands.

Most cyber attacks originate via emails, for example. You need to make sure the service provider looking after your emails is doing everything it can to protect you.

Cyber Essentials sets a standard that business leaders should be looking to achieve to give them and everyone else peace of mind.


Is there anything more to it?

The scope is broader, but significantly there is also a response to our changing working habits during the Covid-19 pandemic, which means Cyber Essentials will now also consider the new army of home workers.

And it will look at everything from passwords for machines and systems through to the machines themselves.

What is best practice when it comes to passwords and changing passwords has become a little confused. Cyber Essentials will lay down some clear guidelines – and that also applies to home working.


Lots of us now work from home. What is the issue?

Anyone who works from home is now classed as a home worker and the scope of the new standards extend to the devices, phones, laptops and computers they use.

It will encourage firms to think about whether it is a good thing to let staff members access internal company systems on personal laptops and phones – devices that their children may well pick up and download anything onto, for example.
Do they need security and software on those devices? If so, what, and how will that be managed?

Advice will be for all admin accounts on all cloud services to have multi-factor authentication (MFA) – which is more than two pieces of information to access an account. The idea is to help provide that extra level of protection.


How can businesses get a Cyber Essentials certificate? It is expensive? And why is it so worthwhile?

Prices are about to change as a result of the reform, but Cyber Essentials Basic costs roughly £300 plus VAT for a self-assessment process. As an IT company, ReformIT can help with this – we have helped many of our clients, bringing them up to standard and then taking them through the test.

Then, on top of this, there is Cyber Essentials Plus. ReformIT can help bring your business up to speed and then a third-party assessor audits your assessment and runs tests such as attempting to hack into your system, independent of us, to check our work.

By passing that, business leaders will get a confidence boost in knowing that their organisation is in the top two or three percent of firms. Plus, it can be essential for doing business with certain suppliers.

Which brings us to the other real benefit: not only will businesses be better protected and prepared for when a cyber attack comes, but with a Cyber Essentials certificate, customers and suppliers will know they can say ‘yes’ with confidence to doing business with them.


For more information, visit reformit.co.uk.


Read more: 11 tips to help you choose the best IT support company for your business


© SoGlos
Wednesday 12 January 2022

More interviews you might like...

Over 100 tree species that live and thrive at Westonbirt, the National Arboretum near Tetbury are facing extinction in their natural habitats.

How Gloucestershire conservation projects are helping to protect trees from extinction: Friends of Westonbirt Arboretum expert insight

With one in three tree species threatened with extinction in the wild, Westonbirt, the National Arboretum is playing an important...

Many Gloucestershire drivers never look back after trying an electric vehicle and feeling the benefits in their driving experience and in their pockets, says Cleevely EV owner Matt Cleevely.

How electric vehicles could save you money: Cleevely EV expert insight

One customer spent just £63 charging his car in one year, according to Gloucestershire electric vehicle specialist Cleevely...

Bredon School is an independent day and boarding school for boys and girls aged seven to 18, sat in acres of countryside near Tewkesbury.

‘Our pupils embark on pathways that suit their particular strengths’: Meet the headmaster of Bredon School

With specialist support for children with dyslexia, a vast outdoor education offering and a thriving Combined Cadet Force,...

Matching candidates to the right roles is a major challenge in the Gloucestershire jobs market right now, as Mike Goode from recruitment specialist, GB Solutions, explains.

How to hire the right people or land that dream interview: GB Solutions expert insight

Gloucestershire businesses and job hunters are up against one of the most challenging jobs markets in recent years. SoGlos...

There is no silver bullet to resolve the cyber security threats to businesses, but simple, targeted, regular staff training is a pretty good place to start, according to Cheltenham firm ReformIT.

Business advice: The importance of staff training to combat cyber threats

In the first of a new advice series delivering clarity for businesses on the subject of all things IT, ReformIT looks at how...

Don’t miss

Unmissable highlights