We don't just advise Cyber Essentials. We live it.

Keekco is now Cyber Essentials certified.

For most consultancies, a certification like this is a nice badge for the website. For us it's something a bit more pointed, because helping organisations get their security foundations right is part of what we do. It would be a strange kind of advice to give if we hadn't done it ourselves.

Cyber Essentials is the UK government-backed scheme that covers the five technical controls responsible for stopping the overwhelming majority of common cyber attacks: boundary firewalls, secure configuration, user access control, malware protection, and keeping software patched and up to date. None of it is exotic. That's rather the point. The attacks that hurt most small businesses are not sophisticated state actors; they are opportunistic, automated, and they succeed because of gaps that good baseline hygiene closes.

Going through the assessment ourselves was a useful exercise, and a good reminder of a few things we tell clients regularly.

First, it is more achievable than most owners expect. We are a small, modern, cloud-first business, and the work was less about buying tools and more about confirming that sensible defaults were switched on, accounts were tidy, and updates were landing promptly. Most of the controls are things a well-run small business is already most of the way towards.

Second, the value is in the discipline, not the certificate. Working through each control forces you to actually check, rather than assume, that multi-factor authentication is on everywhere, that no unsupported software is lingering, that device firewalls are enabled, that admin access is limited to who genuinely needs it. Those checks are worth doing whether or not you certify.

Third, it changes the conversation with clients and partners. Increasingly, Cyber Essentials is a baseline expectation in supply chains and a requirement in many public-sector and enterprise contracts. Holding it removes a question before it is asked.

If you are weighing up Cyber Essentials for your own organisation, or you simply want to know whether you would pass today, that is a conversation we are happy to have. We have just been through every control ourselves, so we can tell you honestly what is involved, where the common stumbling points are, and how to close them without disruption.

Good security baseline is not a luxury reserved for large firms. It is well within reach for an SME, and Cyber Essentials is a sensible, structured way to get there.