From 27th April 2026, the UK’s industry standard of cyber security, Cyber Essentials, is changing. To understand how, it’s helpful to recap what Cyber Essentials is and why Aspgate follows its standards. The National Cyber Security Centre is run by the UK government and its Cyber Essentials certification is ‘the minimum standard of cyber security recommended by the Government for organisations of all sizes.’ As a company specialising in cyber security, Aspgate is very enthusiastic about having industry standards for cyber security processes, because the interconnected nature of the internet means that if we all do our bit to keep our digital spaces safe and secure, we can help keep everyone safe and secure. Here’s what the Cyber Essentials standards typically cover:
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Security update management
Cyber Essentials Plus is a technical audit that assesses your IT systems and confirms they meet minimum security requirements. The scheme updates every year in order to keep up with new and evolving security threats, and this year’s changes are raising the standards of cyber security. Here’s what will change from 27th April 2026:
- Mandatory multi-factor authentication for all users of cloud services. There will no longer be any exceptions (previously, only admins of a service needed to use multi-factor authentication). This will ensure your business’s employees authenticate their user sign ins and will keep accounts secure.
- More strict enforcement of security update management. All patches and fixes to operating systems, router and firewall firmware must be installed within 14 days of their release. This will keep your business’s digital infrastructure secure with up-to-date fixes.
- Organisations will be able and expected to provide detailed scope descriptions of any services accessible via the internet that store or process company data or use business accounts. This will include HR systems, Google Workspace and Microsoft 365.
- Changes to assessment criteria mean your organisation needs to prove it can implement changes to systems in real time. Instead of just proving your organisation can theoretically respond to threats, you’ll be expected to show how you respond to threats.
- Prove ongoing compliance to Cyber Essentials. It won’t be enough to achieve one certificate and ignore your IT systems until they need a huge update.
Sound complicated? That’s where Aspgate comes in! We weave cyber security into all our various services, and we can support your organisation to meet all the new and ongoing standards set by the National Cyber Security Centre, and pass your Cyber Essentials Plus audit. Whether you’re a current client or looking to enlist Aspgate to help you bring your digital systems up to muster, we’re always happy to chat. Give us a call on 0330 390 6888, or email enquiries@aspgate.co.uk. We look forward to working with you to ensure your business or organisation stays safe, secure and compliant with industry standards.