As cybercrime continues to surge, businesses, particularly in the UK, find themselves increasingly vulnerable to attacks that can disrupt operations and tarnish their reputations. Over the past year alone, UK businesses experienced a staggering 7.7 million cybercrimes, affecting almost half of all companies nationwide. With cyber threats growing at an alarming pace, securing your organisation has shifted from a mere consideration to an urgent necessity.
That’s where the Cyber Essentials certification comes in. Launched by the UK’s National Cyber Security Centre (NCSC), this government-backed scheme helps organisations protect themselves against the most common online threats. It’s also a key requirement for any business working with UK government bodies or handling sensitive data.
Cyber Essentials offers two tiers:
Cyber Essentials: A baseline certification covering key protective measures every organisation should have.
Cyber Essentials Plus: A more rigorous certification that includes in-depth, hands-on technical assessments to validate your defences.
In this blog post, we’ll explore how Zoho’s Security Solutions can assist you in meeting the standards of Cyber Essentials while enhancing your overall cybersecurity framework.
Who should abide by Cyber Essentials?
Cyber Essentials, a UK-based cybersecurity framework, was created with organisations in the United Kingdom in mind. However, its foundational principles are relevant to any business around the globe that seeks to bolster its cybersecurity measures.
The five Cyber Essentials controls
The core controls of Cyber Essentials focus on fundamental security practices that every organisation should implement to safeguard sensitive information from common cyber threats. These controls form a solid foundation of security, addressing the most common vulnerabilities that cyber attackers exploit. The five controls include: Firewalls and routers, Secure updates, Access control, Malware protection, and Security configuration.
How Zoho's Security Solutions helps you achieve Cyber Essentials compliance
Zoho’s Security Solutions provide a unified approach to workforce security, helping organisations streamline and accelerate their journey toward Cyber Essentials compliance. Our security stack is designed to align with the core requirements of the Cyber Essentials framework, ensuring that your organisation maintains robust protection against common cyber threats.
Our suite includes a privacy-first browser, an identity and access management platform, a workforce password manager, and multi-factor authentication—all working together to cover key Cyber Essentials controls: Access Control, Malware Protection, and Secure Configuration.
Zoho’s Security Solutions deliver foundational protection that secures your organisation’s sensitive data and systems. For areas outside the scope of these three controls, our sister company, ManageEngine, steps in to complement the rest.
Access control
Authenticate users before granting access
Controlling access to sensitive systems and data is a fundamental cybersecurity principle. With Zoho Vault, administrators can easily onboard users, assign roles, and control access through integrations with popular directory services such as Zoho Directory, Google Workspace, Microsoft 365, Microsoft Active Directory, Microsoft Entra ID, and Okta. It also supports a request-release workflow that grants time-bound access with administrator approval—reducing the risk of unauthorized access.
Remove or disable user accounts when no longer needed
When employees leave or no longer require access, it’s essential to revoke their permissions promptly. Zoho Vault ensures secure offboarding by allowing administrators to immediately revoke access to shared credentials, folders, and user-specific permissions, minimising the risk of any lingering access. Passwords can also be shared temporarily with contractors or freelancers—even if they don’t have a Zoho Vault account. Access is granted for a specified period and automatically revoked afterwards.
Enforce two-factor authentication
Zoho Vault takes security to the next level by allowing administrators to enforce multi-factor authentication (MFA) for all user accounts. Whether it’s SMS-based one-time passwords (OTP), third-party authenticator apps like Google Authenticator or Microsoft Authenticator, security keys, or Zoho OneAuth, Zoho Vault provides a variety of flexible options. Adding this extra layer of security reduces the chances of unauthorized access, making your system more resistant to cyber threats.
Use administrative accounts for administrative tasks only
Proper role-based access management is essential. Zoho Vault ensures that administrative accounts are only used for administrative activities. Zoho Vault offers two default admin roles: Super Admins and Admins. Super Admins have complete control over user management, while Admins can assist with high-level tasks but do not have rights to manage users. For urgent situations, Zoho Vault offers break-glass permissions, allowing trusted users to access all resources on a temporary basis. However, this should be reserved for emergency cases and assigned with caution.
Remove special access privileges when they are no longer needed
Following the principle of least privilege, Zoho Vault grants access to sensitive information only as necessary for a user’s role. Once that access is no longer required, privileges can be promptly revoked, minimising the risk of unnecessary exposure and enhancing your organisation’s security posture.
Malware protection
Scan webpages to identify malicious websites
Ulaa safeguards your browsing by maintaining a block list of malicious websites, preventing access to sites known for hosting malware, scams, or harmful software. It also enhances security through the uBlock badware filter, which blocks malicious ads—protecting you from ransomware, phishing, spyware, and unintended malware downloads.
Zoho Vault's browser extension protects passwords by securely storing them with their respective websites, reducing the risk of phishing attacks. It detects malicious sites posing as legitimate ones, disables autofill, and prevents password suggestions to enhance security. In case of a phishing attempt, the built-in password and passphrase generator quickly creates strong new passwords for compromised accounts.
Secure configuration
Remove and disable unnecessary user accounts and software
Zoho Directory simplifies user provisioning and deprovisioning, enabling automated actions at every stage of an employee's lifecycle. Applications can be assigned upon onboarding, access can be revoked upon departure, and app assignments can be adjusted during role or team changes. This ensures that all applications are managed efficiently, necessary updates are made, and user data remains synchronised across all platforms within Zoho Directory.
Change any default or guessable account passwords
Zoho Directory's security policies provide customizable rules for managing user authentication. Multi-factor authentication modes can be configured to control how authentication occurs. Session management settings define the number of active sessions permitted and their duration. The flexibility of these policies allows for varying levels of strictness based on user roles and responsibilities.
Zoho Vault's password policies define the required strength of user passwords and the frequency of renewal. Restrictions on allowed IP addresses and geolocations help prevent sign-in attempts from unauthorized locations.
Ensure users are authenticated before allowing them access to organisational data
Zoho OneAuth enhances security for Zoho and online accounts by adding an extra layer of protection. Its Smart Sign-in feature enables faster logins by scanning a QR code, while the passwordless authentication allows users to enter their username and log in through push notifications and biometric verification. Beyond multi-factor authentication, OneAuth provides additional security measures to safeguard accounts from cyberattacks. To counter MFA fatigue attacks, the Restrict Sign-in feature can lock an account after repeated attempts. Security is further strengthened with App-Lock for controlled access, and unauthorized sessions can be terminated remotely using Remote Logout.
Zoho's commitment to compliance
At Zoho, we prioritise the security of your data and your customers' data above all else. Our commitment is evident in our Cyber Essentials Plus certification, a robust standard against cyber threats. Our systems undergo rigorous, independent audits by IASME-approved assessors, ensuring the effective implementation of strong security controls across our organisation and network. This dedication to maintaining Cyber Essentials Plus certification provides assurance that we adhere to stringent security best practices, fostering a safer, more reliable environment for your valuable data. Learn more about our compliance commitment.
Final thoughts
Achieving Cyber Essentials certification is no longer just a smart choice—it’s becoming essential in safeguarding your organisation against evolving cyber threats. With Zoho’s Security Solutions, businesses can streamline their path to compliance while reinforcing their core cybersecurity practices.
Get Cyber Essentials-ready with Zoho.
Disclaimer: Zoho does not guarantee that entities using Ulaa, Zoho Directory, Zoho Vault, Zoho OneAuth, and ManageEngine will be Cyber Essentials compliant. These solutions can assist customers in meeting certain requirements for organisations handling sensitive information. When combined with other suitable solutions, processes, controls, and policies, Zoho's security solutions can help organisations adhere to Cyber Essentials guidelines. This information is provided for reference purposes and should not be taken as legal advice for Cyber Essentials compliance. Zoho does not provide any warranties, whether express, implied, or statutory, regarding the information in this blog. It is recommended to consult with a legal advisor to understand how Cyber Essentials affects your organisation and what steps are necessary for compliance.