Important changes are coming to the Cyber Essentials scheme from 28 April 2025. If your business is based in Tees Valley or the North East, it’s time to get prepared.
At Bondgate IT, we help SMEs strengthen their defences against cyber threats and make compliance simple. Here’s what the new Cyber Essentials version 3.2 involves, and how you can stay ahead of the curve.
What Is Cyber Essentials?
Cyber Essentials is a UK government-backed certification designed to help businesses protect against common cyber threats. Overseen by the National Cyber Security Centre (NCSC) and IASME, the scheme also helps organisations meet contractual and legal cybersecurity requirements.
If you bid for public sector contracts or work with sensitive data, being certified is often essential.
What’s Changing in Cyber Essentials 2025 (v3.2)?
The updates reflect how modern businesses use IT today, including hybrid working, cloud reliance, and the widespread use of personal devices for business tasks. These are the key changes you need to be aware of:
1. Third-Party and Personal Devices Are Now Included
Any device that connects to your business systems must meet Cyber Essentials standards. This includes equipment owned by staff, contractors or suppliers.
🔐 Why it matters: You will need stronger device management policies and clearer network boundaries.
2. MFA Is Required for All Cloud Services
Multi-Factor Authentication (MFA) is no longer optional. All users accessing cloud-based tools must have it enabled.
🔐 Why it matters: If you use Microsoft 365, Google Workspace or similar platforms, every account needs MFA to stay compliant.
3. Cloud Services Must Be Properly Configured
You are responsible for ensuring that all cloud tools used in your organisation are securely set up.
🔐 Why it matters: Many services are not secure by default. A configuration audit helps avoid potential vulnerabilities.
4. Unsupported Software Must Be Removed or Isolated
Software that is no longer supported must not be in use on any device connected to your business network. This now includes browser extensions, mobile apps and anything staff install themselves.
🔐 Why it matters: Outdated software is a major entry point for cybercriminals. Regular patching and software audits are critical.
5. Remote Workers Need Secure Home Setups
The guidance has been updated to cover hybrid working. Devices used at home must meet the same security standards as those in the office.
🔐 Why it matters: Staff need support to secure home routers and devices, especially if they work remotely on a regular basis.
Why This Matters in 2025
Cyber threats continue to evolve, with AI-driven phishing, ransomware, and credential theft all on the rise. These changes are designed to reflect that reality.
Failing to comply could result in:
- Lost contract opportunities
- Damaged reputation from data breaches
- Increased risk to staff and customer information
For SMEs across Tees Valley, staying Cyber Essentials certified is not just a tick-box exercise. It is a necessary layer of protection.
How Bondgate IT Can Help
We support businesses across Darlington, Middlesbrough, Hartlepool and the wider North East with Cyber Essentials compliance. Our services include:
- Cyber Essentials readiness assessments
- Cloud security reviews and configuration support
- Managed MFA setup and user onboarding
- Secure solutions for remote and hybrid workers
- Software patching and asset management
- Cybersecurity awareness training for employees
We do not just help you pass—we help you protect what matters.
Act Now to Stay Compliant
Cyber Essentials version 3.2 becomes mandatory for all certifications issued from 28 April 2025. If your certificate is due for renewal after this date, you need to start planning now.
📞 Contact Bondgate IT today on 01325 369 950 for a no-pressure review of your current setup. We will help you identify risks, close gaps and achieve compliance quickly and confidently.