From M&S to Jaguar Land Rover, cyber-attacks are a growing risk. They can affect businesses of all sizes, from small enterprises to multi-million-pound corporations, and they can impact organisations across the globe. Like many businesses, Cambridge Marketing College relies on digital tools to run our day-to-day operations, which means there is always a risk of cyberattacks. To reduce this risk, we’ve become verified in Cyber Essentials Plus. We wanted to share some information about cybersecurity and our journey to becoming verified by Cyber Essentials Plus. Here’s a breakdown of why it’s a smart choice for your business.

What Is Cyber Essentials?

Cyber Essentials is a UK government-backed cybersecurity certification scheme. It helps organisations defend against common threats such as phishing, malware, ransomware, and unauthorised access. In 2026, Cyber Essentials is regarded as the bare minimum requirement for all UK businesses.

There are two levels:

1. Cyber Essentials (Verified Self-Assessment) confirms your organisation has the required security controls in place.

2. Cyber Essentials Plus includes all the requirements of Cyber Essentials but with increased security controls, adding an independent, hands-on technical audit carried out by an approved assessor to validate the controls in place. This ensures your systems meet the required security standards in practice, not just on paper. To undertake Cyber Essentials Plus, your Cyber Essentials certificate must be dated within the previous three months.

Cambridge Marketing College’s Cyber Essentials Journey

It all started with an unrestful night for our CEO. We asked Kiran, the CEO of Cambridge Marketing College, about the night she decided the college needed to focus more on cybersecurity.

She shared: “I was being kept awake by recent stories about cyber-attacks; at the time, it was M&S that had been hit. I knew it was important, but I also knew it wasn’t going to be straightforward, so I started thinking about reaching out to an expert for help.

The next day, Kiran reached out to our IT and Cyber Security partner, ILUX, for expert advice on how to start the journey to shield the college from cyber-attacks. Chris Brown, Strategic Technical Account Manager at ILUX, shared more about the initial discussion: “Cyber Essentials Plus goes beyond paperwork; it proves your defences work in practice. The independent audit tests real devices and real attack paths to validate security against threats and vulnerabilities. We worked closely with the CMC team from start to finish, so they not only achieved the certification but also strengthened their ability to withstand cyber attacks.

The discussion turned into action, and the College began its journey with ILUX to gain Cyber Essentials Plus accreditation.

What Happens During a Cyber Essentials Plus Audit?

During an audit, a registered independent assessor tests your systems to confirm they meet security standards. This includes checking that a sample of devices is securely configured, running vulnerability scans to ensure systems are patched, scanning internet-facing systems for exposed risks, testing email and browser settings against malicious files, and collecting evidence of compliance. If issues are found, you have 30 days to fix them. Once your business passes the audit, you will gain a Cyber Essentials Plus Certificate, which is valid for 12 months.

Next Steps from the College

Cambridge Marketing College is now Cyber Essentials Plus certified, but we didn’t stop there.

Cambridgeshire Constabulary Escape Room for Cyber Awareness Training

cyber awareness training

The College wanted to provide engaging, interactive cyber awareness training for the team. We contacted Cambridgeshire Constabulary, who run an escape room session that teaches cyber awareness in a hands-on way.

Nigel Sutton from Cambridgeshire Constabulary shared some eye-opening statistics: 25% of businesses in the UK were hit by cyber-attacks in 2025, resulting in data and financial losses as well as damaged reputations. The cyber awareness session turned the team into investigators. Along the way, they learned how to be vigilant and reduce the chances of a cyber attack. Teams answered questions to gather clues to crack the overall code.

There was healthy competition between groups, and the session was full of laughter. Not only was the knowledge relevant, but the experience was also fun. Team members even offered suggestions to improve security further in day-to-day roles. We highly recommend this cyber awareness training to any business looking to learn about cyberattacks and prevention.