You can take the title of this post with a pinch of salt. If you're considering becoming Cyber Essentials certified, you probably are a boss, technically speaking.
That's brilliant – the fact you're considering it, we mean. It's great that you're a boss too. Well done.
Ahem… let's start again.
The fact is, Cyber Essentials certification is tricky for any business to achieve without assistance. You could be the best IT manager on this side of the equator, and you'd still have to pause for thought.
It requires lots of preparation, and a keen understanding of your current security infrastructure – right down to the personal devices your employees use for work.
(Psst… we can help with all this. But more on that later.)
We know it can be daunting when you're not sure what a process like this entails. Heck, we're getting flashbacks to our GCSEs just thinking about it. That's why we're going to share some sample questions with you, as well as a few definitions to help you navigate the complex world of cybersecurity.
Quick disclaimer. These aren't exactly what you'll see on the Cyber Essentials assessment, but they're certainly indicative of the kinds of subjects covered.
And if you need a quick refresher on Cyber Essentials and Cyber Essentials Plus, check out our service page.
OK. See-through pencil cases at the ready? Let's do this.
Do you have a documented password policy that includes a process for when you believe the passwords or accounts have been compromised?
What this means: this question is encouraging you to consider the implications of a password breach and to ask yourself whether you'd be equipped to cope.
What to ask yourself: "do all IT staff and users know exactly what to do when a breach occurs?" This is essential so that potential damage can be limited without delay. And remember: passwords are only one tool in your security arsenal. Additional measures like two-factor authentication can add an extra level of protection if password data is leaked or compromised.
Do you have software firewalls enabled on all of your desktop computers, laptops and servers?
What this means: a firewall is like a nightclub bouncer for your network. It prevents unwanted traffic flowing between an untrusted network (i.e. the internet) and a trusted network (your office LAN).
What to ask yourself: "am I aware of all the devices used throughout my business?" You need to be certain that every internet-capable device is protected from internet threats using a properly-configured firewall.
Are all high-risk or critical security updates for operating systems and firmware installed within 14 days of release?
What this means: updates are released for a reason. Online security is constantly developing, and new vulnerabilities are discovered regularly. Keeping your software up to date means protecting yourself from the latest threats.
What to ask yourself: "am I keeping a record of the update status of all operating systems and software used throughout my business?" Remember: one missed update is all it takes for your whole network to be compromised.
Cybersecurity definitions
Now that you've got to grips with the kinds of questions you'll face, let's take a look at some of the acronyms that get thrown around in cybersecurity circles.
Of course, we'd never use jargon like this – we always aim to keep things clear and easy to understand. However, you might come across some of it while conducting your own research.
APT: Advanced Persistent Threat
A sophisticated, ongoing cyber attack. Most attacks are pretty basic, but an APT is meant to crack even the most advanced security infrastructures. The good news is that these are relatively rare, and are typically conducted by state-sponsored espionage groups.
AV: Antivirus
Software that detects and removes malware. We should all be familiar with antivirus programs. If you're not… install one, quick!
CIS: Center for Internet Security
A US non-profit that develops best-practice solutions to combat cyber threats. It's based in New York, but its work has global implications.
DDoS: Distributed Denial of Service
A kind of cyber attack that works by "flooding" a network with unwanted traffic. The aim is to overload the network and take it offline. Reports claim this kind of attack recently affected the whole of North Korea.
HTTPS: Hypertext Transfer Protocol (Secure)
HTTP (without the "S") is the tech that the internet was founded upon. It's the thing that makes websites work, basically. The secure version began seeing more use from around 2016. By now, all websites should use HTTPS.
ISO: International Organisation for Standardisation
The world's premier developer of commercial, technical and industrial standards. It's responsible for ISO 27001, the top international standard for cybersecurity.
SSO: Single Sign-On
A system that allows users to log in to multiple services using one set of credentials. An example of this is when a website allows you to log in using your Facebook or Google account.
VPN: Virtual Private Network
A system that encrypts your internet traffic and hides your IP address, no matter what network you're connected to. A VPN is useful for connecting to unsecured public access points.
What to do next
In terms of questions, we've only scratched the surface. Our Cyber Essentials sample quiz includes a few more, and scores you on your security to boot.
But more to the point, you don't have to be a security expert to gain your certification. If you sign up with Yoozoom, we'll work closely with your team to make sure all your systems are up to scratch.
We're not like most organisations that offer cybersecurity certification. We don't simply send you the questions and put our feet up – we go the extra mile to make sure you pass with flying colours.
Plus, because we're an IT company through and through, we know the tips and tricks that ensure long-term protection for your business.
Interested?
Book a no-obligation chat today, or read our Cyber Essentials page for a complete run-down of how our service works.
(P.S. fancy signing up for our Knowledge Hub? We'll send you genuinely useful tech and security advice by email. No spam, guaranteed.)
Contact Us
Yoozoom
Unit 8
Gemini Business Park
Sheepscar Way
Leeds
LS7 3JB
Company Number: 07618108
VAT Number: GB11304662
Yoozoom Technologies Limited T/A Yoozoom