Latest update for Cyber Essentials – Willow questionnaire from April 2025

By James Galbraith, Cyber Essentials Assessor There will be some important changes with the release of the Cyber Essentials Willow question set in April 2025. The government partner IASME, in consultation with Certification Bodies including Indelible Data, conducts an annual review of the scheme. Notable changes will occur in the following areas: Home workers Clarification …

Secure Your Mac: Meet Cyber Essentials Password Standards

This guide will walk you through the steps to configure your Mac’s passwords to meet Cyber Essentials compliance standards. Utilising the pwpolicy Tool Apple provides a powerful command-line tool, “pwpolicy,” to manage password requirements on your Mac. This tool allows you to customise various aspects of password complexity, such as: Minimum Password Length: Setting a …

Beat the Cyber Essentials price rise

Indelible Data is giving its customers the chance to beat a Cyber Essentials price rise coming into force on April 1st2024. The government’s scheme partner is introducing the first rise since January 2022 in response to rising costs. While we have increased the BRONZE package in line with IASME’s changes a lower increase will maintain …

Does my business need Cyber Essentials?

Cyber Essentials helps keep businesses secure through the assessment of five controls: The use and proper configuration of firewalls The implementation of secure settings for devices and software The use of access control management The implementation of antimalware software and other methods The configuration of automatic updates for devices and software The certification is designed …

Find out about our new streamlined process for our Cyber Essentials Gold package!

We’ve streamlined our Cyber Essentials Gold process by eliminating the use of spreadsheets and implementing the helper feature on the IASME portal. This will ensure that your assessment remains consolidated in one location, eliminating the need for back-and-forth with spreadsheets. To facilitate this transition, we ask that you add helper@indelibledata.co.uk as a helper on the …

How should you handle uncertain end-of-life dates in Cyber Essentials?

While most manufacturers and developers are open about the support milestones of their products, some companies instead prefer to guard their end-of-life dates, which may result in awkward situations during Cyber Essentials certification. One example of this is Apple’s iOS operating system. Traditionally, Apple has supported the two latest major versions of iOS, whereas recently …

Discounted Cyber Essentials Certification for Charities

Indelible Data is offering Cyber Essentials at a discount to charities over the next two weeks, writes Business Administrator Abbey Wright. Charities purchasing Cyber Essentials between the 6th November and the 17th November will benefit from advice and guidance as well as a discounted price as part of a national effort to educate charities about …

When are user accounts actually admin accounts?

Under Cyber Essentials, there are various controls that are related to administrative accounts and their use, writes Cyber Security Technologist Tyson McGuirk. The scheme makes it very clear that user accounts and admin accounts should be separate and only used for their intended purpose. Admin accounts have access to additional permissions and services that would …

The Electoral Commission failed Cyber Essentials certification ahead of major breach

The Electoral Commission has admitted failing Cyber Essentials at around the same time as it suffered a major security breach, writes Cyber Security Technologist Tyson McGuirk. In August 2021, names, addresses, and other personal information from the register was compromised in a suspected hack. This incident reflects the significance of the Cyber Essentials scheme as …

Should I include irregular devices and operating systems in Cyber Essentials?

The first step in a Cyber Essentials assessment is to determine what organisational data and organisational services are used in your business, writes Cyber Security Technician Tom Boughton. Common examples of organisational data are emails, documents, database data, or financial data, with common examples of organisational services being software applications, cloud applications, cloud services, and …