top of page

I run a retail business, why should I be Cyber Essentials certified?

Implementing the controls suggested means that 99% of common cyber-attacks will be fully or partially mitigated! And some of these controls aren't complicated or expensive.

Female worker talking on phone in shop

99% is not 100% that is true, but in today’s world of ever-changing threats and new technology there is no solution where you will be 100% protected, unless you never use a computer at all, which for a business, no matter what size you are is rather unlikely.

Cybercrime is increasing and affects all types and sizes of businesses, even small retailers. And some of the key tactics are the same whether your company is big or small.

What are a couple of the most common ways criminals attack a company?

  • Use of user credentials – they simply log in – this could be from phishing attacks or as part of previous data breaches or even from default passwords which haven’t been changed

  • Known, unpatched (updated) software or hardware vulnerabilities – basically companies haven’t updated their systems and criminals actively look out for these unpatched systems

  • Malware – users download malicious software, or visit a dodgy site, which infects the network.

How can Cyber Essentials help?

Cyber Essentials is a simple and effective Government-back scheme designed to help put in place mitigation to the most common cyber-attacks. It looks at the key areas which increase the risk of cybercrime and helps businesses to reduce this threat including, passwords, user assess controls and malware.

And as we have already said, a study by Lancaster University found that if the controls with Cyber Essentials were implemented, over 99% of attacks were either fully or partially mitigated!

Pie graph showing attacks mitigated: 69.2% fully, 30.1% partially. 0.7% not mitigated

And if this sounds too complicated or technical to implement, just speak with us. We are here to help.

What should I do next?

Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your charity’s cyber resilience and can offer guidance to free tools that you can implement straight away.

Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.

Tell us when you are ready and we can refer you to one of our Trusted Partners, who are cyber essentials accreditors in the East of England. They can accredit your work or provide technical help if required.

Further Guidance and Support

The ECRC is a police-led, not for profit organisation which companies can join for free.

When you join our community you get:

  • Threat alerts both regionally and nationally

  • Signposting to free tools and resources from both Policing and the NCSC

  • Little steps programme – series of weekly emails which aligns to cyber essentials with bite-sized practical information to build cyber resilience

  • Discussion area to meet and talk to other companies in the region and our partners

  • Support from the ECRC team

We also work with local university students, who are trained and mentored by senior ethical hackers, to deliver affordable services designed specially for small and medium businesses. So when you're ready for an insight into if you have common vulnerabilities, are sharing a little too much online or want to review your policies and practices think of us.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page