Cubit Cyber Check
Next Steps: Strengthen Your Security Together
Get Expert Support
You’re not alone. Our team at Cubit Technology can help you address the areas you want to improve.
Access our Resources
Explore our Resources Hub for practical checklists, guides, and articles on all things cybersecurity.
Join our Mailing List
Each month we share business IT insights, free resources and advice on preventing IT catastrophies.
Frequently Asked Questions
Does my business need multi-factor authentication?
If you use any cloud services for work, yes. Under the April 2026 Danzell update to Cyber Essentials, MFA is required on every cloud service that offers it. If it is not enabled for all users, the assessment is an automatic failure. Beyond certification, MFA is one of the most effective single controls for preventing account compromise, which is the starting point for the majority of business email fraud and data breaches.
How do I know if we are ready for Cyber Essentials?
Readiness depends on whether your current IT controls meet the five core requirements: firewalls, secure configuration, user access control, security update management, and malware protection. Under the April 2026 Danzell update, MFA on all cloud services and 14-day patching are now automatic failures if not in place. The CyberCheck gives you a top-level indication of where you stand before you open a formal assessment account.
How do I assess my agency's IT security without a dedicated IT team?
Most agencies and studios do not have an in-house IT function, which makes independent assessment difficult. A structured tool like the Cubit CyberCheck is designed for non-technical business owners and operations leads. It asks plain-English questions about your current setup and gives you an immediate score and breakdown without requiring technical knowledge to complete it.
We are thinking about getting Cyber Essentials Plus. Where should we start?
Start by understanding your current position before opening a formal assessment account. The CyberCheck gives you a quick sense of where the likely gaps are. From there, a gap analysis against the full Danzell requirements will tell you exactly what needs to be fixed before the independent audit begins. Opening an assessment account before your environment is ready risks a failed assessment, which under Danzell can have more significant consequences than before.
Our agency works with large brand clients. Will they ask us about cyber security?
Increasingly yes. Brand clients, particularly those in regulated industries or with public sector contracts of their own, are pushing security requirements down their supply chains. CE Plus is the most common baseline they specify. Having a current certificate and being able to demonstrate ongoing compliance is becoming a competitive differentiator in new business conversations, not just a procurement checkbox.
How do I know if my business is cyber secure?
Most businesses find out they are not when something goes wrong. A more useful approach is to assess your setup against a recognised standard before that happens. The Cubit CyberCheck gives you a quick view of where your current IT controls stand against the Cyber Essentials Plus requirements, covering the areas most commonly exploited in attacks on small and mid-sized businesses.
What is the business risk of not having Cyber Essentials?
The most direct risk is exposure to common attacks that CE controls are designed to prevent, credential theft, ransomware, phishing, and account takeover. Beyond that, CE Plus is increasingly specified in tenders, particularly in public sector, legal, and enterprise supply chains. Without it, some procurement processes are simply closed to you. Cyber insurers are also beginning to factor certification into underwriting decisions.
What should a cyber security review cover for a small business?
A meaningful review covers five areas: whether devices are patched and up to date, whether admin and user access is properly controlled, whether multi-factor authentication is in place across cloud services, whether malware protection is active and managed, and whether firewalls and network settings are correctly configured. These are the five controls that underpin Cyber Essentials, the UK government-backed standard for baseline security.
How often should a business review its IT security?
At minimum, annually, which aligns with the CE renewal cycle. In practice, anything that changes your IT environment should prompt a review: new cloud tools being adopted, staff turnover, changes to remote working arrangements, or new client contracts with security requirements attached. The CyberCheck is a useful lightweight check between formal reviews to make sure nothing obvious has drifted.
What happens if we have old laptops running outdated software?
If those devices are within the scope of a Cyber Essentials assessment and the software is no longer supported, it is an automatic failure. Windows 10 reached end of life in October 2025 and will fail under Danzell if in scope. Devices running unsupported software need to be either upgraded, replaced, or removed from scope with a clear technical justification before an assessment begins.