How to achieve Cyber Essentials certification when your business works remotely

If your business has employees who are hybrid or remote workers, you need to ensure their devices are secure and meet the requirements of Cyber Essentials. Cyber Essentials is the UK standard for organisations to follow to remain safe and secure from cybersecurity threats, and its requirements continue to be updated. Here’s how to make sure you’re covered when working remotely.

What are the steps to achieve Cyber Essentials certification remotely?

  1. Make sure your employee networks meet Cyber Essentials requirements
  2. List the equipment that each remote employee is using
  3. Check software and licenses are up to date

What is a network?

Any single device connected to a router can be considered a network. For the purpose of Cyber Essentials, your ‘network’ is the devices linked to share resources, exchange files, or allow communication. 

For example, think of your office printer. Rather than setting up a single printer for every employee, you’ll have a single printer that everyone can use (and you’ll argue over whose turn it is to change the toner). This is the perfect example of a network.

What does a network look like in practice?

Most offices and workplaces use a Local Area Network (LAN). A LAN is usually confined to a small geographic area, say an office in Bow or a warehouse in Bolton. A LAN allows every device within the network to use a single internet connection, share files, and access or control other devices. 

It’s possible to connect everything from printers and phones to smart TVs, speakers, and security cameras. You can even connect the office fridge. 

Unsure which certification is best for you? Check out our guide to cybersecurity certifications in the UK.

How to get Cyber Essentials certified when working remotely

1. Check employee networks meet Cyber Essentials requirements

We’ve just gone through what a network is. However, with remote working, networks might look a little different. 

Any device connected to a router is considered a network. With multiple remote workers, you’ll have multiple networks. 

All you need to do is ensure that each router meets the requirements of cyber essentials. For example, you should ask each employee to change the default password on their router. 

2. List your remote employee equipment 

Question A2.8 of the Cyber Essentials assessment will require you to list all of your network equipment. But don’t worry, it’s pretty simple.

All you need to do is list the equipment each employee is using, as if you were in the office. 

What might this look like in practice? Let’s imagine a company with ten staff working from home. An equipment list will look something like this:

  • 2 x Sky broadband with Sky router
  • 6 x BT broadband with BT hub router
  • 1 x TalkTalk broadband with TalkTalk router
  • 1 x Virgin Media broadband with Virgin Media router

3. Check software and licenses are up to date

Any devices that home workers use to access organisation information should be covered by Cyber Essentials. And the software and licenses you use should be too. 

Make sure that software and licenses are:

  • Up to date, licensed, and supported
  • Removed from devices when they become unsupported
  • Set to update automatically where possible

But what about other elements of the Cyber Essentials assessment process? Fortunately, as the entire assessment can be conducted remotely, you can complete the process no matter where your staff are working from. 

Hopefully, we’ve cleared up most of the confusion surrounding networks and Cyber Essentials. However, if you have any further questions, please don’t hesitate to get in touch with our team. 

And, you can always find out more about which certification is right for you by downloading our guide to cybersecurity certifications in the UK.

Cybersecurity certifications