Cyber Essentials is a government-backed program that helps businesses protect themselves from online threats that endanger their survival, and lets them demonstrate a cyber security-focused attitude to clients. Many businesses around the country have achieved accreditation since it was introduced in 2014.
To achieve Cyber Essentials certification, your organisation must have five technical controls in place: firewalls, security configuration, access control, malware protection, and software updates.
Let's take a closer look at these.
Network firewalls monitor and control the network traffic that travels through your system each day, based on predefined security rules. A firewall separates your network from the internet and serves as a gatekeeper, allowing or disallowing access.
Firewalls prevent unauthorised access to your network, while allowing secure access to those outside your network who you want to have access.
Firewall protection is a MUST for all devices in your network. After installing your firewall software, take these additional considerations into account to ensure the best possible level of protection:
Firewalls alone aren't enough - you must prove you are blocking high-risk traffic as well.
Make sure your firewall configuration is protected with strong passwords. The more complex the password, the harder it will be to guess. Administrators are advised to use long, complex passwords with numbers, letters, and punctuation.
Software firewalls should be installed on devices used outside of the business network. Remote working devices (laptops, phones, and tablets) should not be used on public Wi-Fi networks. We recommend avoiding public Wi-Fi in general.
Security Configuration is the second of the five controls. Device and software settings should be as secure as possible. The key to achieving this goal is proactive IT management.
Windows' default security settings are never adequate for system security.
Factory settings are designed to be as unrestrictive as possible to let users experience the device as fluidly as possible. The settings can also be customised to meet the user's needs.
Cyber Essentials certification requires reconfiguring settings to enforce higher levels of security.
Access to data must be controlled. It is essential to control access to administrative accounts, and privileges should only be granted when absolutely necessary.
Users in your business have access to all applications, devices, and sensitive client information. Data theft and damage can be greatly reduced if only authorised personnel have access to accounts reflecting their roles within the organisation.
The compromise of an account with privileged access to devices, applications, and information could have devastating effects. In addition, it could facilitate a large-scale attack at a later date, resulting in even more damage - financially, operationally, and reputationally.
You should take all necessary precautions to prevent malware from entering your system. You will not be able to gain Cyber Essentials accreditation if you fail to do so.
Make sure you only install software from trusted sources. Experts constantly monitor apps in Apple's App Store and Google's Play store for malware, for example. A cheap app from an unknown source could open the floodgates to malware.
You should install anti-virus software on every computer and device you use, both at home and at work. Due to its basic nature, free anti-virus software on most operating systems does not provide adequate protection from modern, sophisticated cyber attacks.
The importance of updating devices and software cannot be overstated: leaving them unpatched exposes them to security risks and prevents you from achieving Cyber Essentials certification.
In this regard, Cyber Essentials takes a slightly lenient approach. If the vendor describes the patch as fixing 'high' or 'critical' flaws, you must install it within two weeks of it being released - at least that gives you time to prepare for it, so you don't have to stop production immediately. You should always ensure that your software is licensed, supported, and up-to-date. Also, it is necessary to remove all software from non-supported devices.
You should use a 'Sandbox' if your business uses legacy software that is no longer updated. Using the Sandbox, your apps are prevented from communicating with other parts of your network.
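The two-week rule above can be checked mechanically against a patch inventory. The following Python sketch is an added example, not part of the original article or of the Cyber Essentials scheme's own tooling; the record fields, host names and status labels are assumptions, the sample data is constructed, and it treats the fourteenth day after release as still in time.

```python
from datetime import date, timedelta

PATCH_WINDOW = timedelta(days=14)   # "within two weeks of it being released"
IN_SCOPE = {"high", "critical"}     # vendor-described severities the rule covers

# Constructed sample inventory (hypothetical hosts and packages, not real data).
INVENTORY = [
    {"host": "laptop-01", "software": "browser", "supported": True,
     "severity": "Critical", "released": date(2024, 3, 1), "installed": date(2024, 3, 10)},
    {"host": "laptop-02", "software": "browser", "supported": True,
     "severity": "critical", "released": date(2024, 3, 1), "installed": None},
    {"host": "server-01", "software": "pdf-reader", "supported": True,
     "severity": "high", "released": date(2024, 3, 1), "installed": date(2024, 3, 20)},
    {"host": "server-02", "software": "office-suite", "supported": True,
     "severity": "low", "released": date(2024, 1, 5), "installed": None},
    {"host": "kiosk-01", "software": "legacy-erp", "supported": False,
     "severity": "high", "released": date(2019, 6, 1), "installed": None},
]

def classify(item, today):
    """Return the patch status of one inventory record as of `today`."""
    if not item["supported"]:
        return "unsupported"        # no vendor updates: remove it or sandbox it
    if item["severity"].strip().lower() not in IN_SCOPE:
        return "out-of-scope"       # the two-week rule does not apply
    deadline = item["released"] + PATCH_WINDOW
    if item["installed"] is not None:
        return "compliant" if item["installed"] <= deadline else "installed-late"
    return "pending" if today <= deadline else "overdue"

def audit(inventory, today):
    """Map (host, software) to its status for every record."""
    return {(i["host"], i["software"]): classify(i, today) for i in inventory}

if __name__ == "__main__":
    for (host, software), status in audit(INVENTORY, date(2024, 3, 25)).items():
        print(f"{host:<10} {software:<14} {status}")
```

Records reported as `overdue` or `installed-late` are the ones that missed the window; `unsupported` records are candidates for removal or for the sandbox described above.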
Almost 50% of businesses reported an attack or breach during 2020. Therefore it is critical that organisations take cyber security seriously and invest in advanced measures that extend well beyond traditional perimeter defences.
We can guide you through the process from start to finish, reviewing your current IT security environment, recommending any changes, assisting with completion of Cyber Essentials documentation, and implementing any changes required. Contact us today to find out more.