This advice has been collated by EMSOU and is intended for wider distribution within the East Midlands Region to raise awareness among businesses and the public.

Advice and information is changing daily as we navigate our way through the COVID- 19 pandemic, so please ensure you only take information from reputable sources.

If you require any further information, assistance or guidance please contact the EMSOU Protect Team or your local Force protect team. In today’s blog, we’re discussing ‘cyber essentials’, a government-backed training scheme to help organisations of all sizes protect themselves against cyberattacks. If you’re interested in undertaking a Cyber Essentials course, you can find a training provider listed on our Trusted Partners page. Cyber Essentials - what is it and who is it for?

Cyber Essentials is a simple but effective government-backed scheme that will help protect organisations, whatever the size, against a whole range of the most common cyber-attacks.

Attacks come in many shapes and sizes, but the vast majority are very basic in nature and are carried out by relatively unskilled individuals. Think of them as the digital equivalent of a thief trying the front door to see if it’s unlocked. There are two levels of certification offered:

Cyber Essentials self-assessment

This option gives protection against a wide variety of the most common cyber-attacks by addressing procedures and cyber security measures. Vulnerability to simple attacks can mark organisations out as a target for more in-depth and unwanted attention from cyber criminals and others.

Certification gives peace of mind that an organisations’ defences will protect against the majority of common cyber-attacks. These attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

Cyber Essentials Plus

Cyber Essentials Plus offers additional hands-on technical verification and certification of the procedures and security measures implemented in Cyber Essentials. Questions and answers about the scheme and certification can be found here.

What are the advantages of Cyber Essentials?

• Reassure customers that you are working to secure your IT against cyber-attacks. • Attract new customers with the confidence that cyber security measures are in place. • A clear picture of the organisation's cyber security level. • Some government contracts require Cyber Essentials certification.

To bid for central government contracts, which involve handling sensitive and personal information, or the provision of certain technical products and services, organisations will require Cyber Essentials Certification. More information is available on the Gov.UK website.

Contact NCSC Cyber Essentials Partner the IASME consortium to get certified.

Hot topics

Reports have been received of emails purportedly from BMW in which recipients are told they have won a brand new BMW 5 Series and cash prize in a BMW COVID-19 lottery. Recipients are told to contact the claims department and send in their personal details.

Attempts by fraudsters to acquire information, which would support fraudulent applications for COVID-19 retail, hospitality and leisure grants have targeted organisations such as Lloyds Pharmacy, Greggs (bakery), Boots and Marston’s Brewery. Each attempt uses the closure of premises or homeworking to justify the enquiry for information relating to; premises, reference numbers and/or extended retail discount. On closer examination the email addresses are not formatted correctly and website details and telephone numbers are incorrect. Always verify unexpected requests by other means.

Users of the QTS operating system (used in file sharing, storage, back up etc.) have been urged to update to the latest version as devices running older versions of the QTS operating system. These may be attacked through a number of vulnerabilities which, when chained together, would allow an attacker to gain remote access.


Please report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to

Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.