Cyber Essentials turned 10 this week, so after a decade of improving cyber security, it’s time we ran through a bit more about what it is and why you need it.
If you’re a business owner who has been chatting to IT providers, we hope that implementing Cyber Essentials has at the very least been pitched to you.
But if you’ve been left with the feeling that Cyber Essentials is a meaningless buzzword that only IT professionals care about, then we urge you to read on.
Cyber Essentials is a government-backed scheme that protects your business from cyber-attacks and it’s something every business owner should be putting in place. Using Cyber Essentials should be a fundamental part of your security processes, as much as having an alarm system fitted in your office is. It’s about not being left open to crime.
It helps protect against the most common cyber threats, sends a message to your customers that you are protecting their data against cyber attacks, and keeps your business from the major disruption cyber crime can cause.
Cyber hackers are looking to exploit weaknesses and vulnerabilities – so stop them in their tracks by getting a basic level of protection.
There are 5 controls Cyber Essentials will ask you to put in place…
Firewalls
Anything connected to the internet should be protected by a firewall so your network can be guarded against external threats.
Its job is to allow or block access to external sources based on a list of predetermined rules.
Your firewall will need to be configured to meet the requirements of Cyber Essentials and will need to be regularly reviewed to ensure it’s doing its job.
Secure Configuration
Cyber Essentials recommends configuring your computers and network devices so only the minimum amount of information is disclosed externally. This will be more involved than just going with the default settings, which often leave all connectivity turned on and default passwords in place, leaving you more vulnerable to attacks.
You are encouraged to turn off functions and services you don’t need, password protect all your devices that are used for work purposes (including smartphones), and add multi-factor authentication where possible.
Access Control
Hackers will want to target accounts with administrator rights so they can break into everything. It might be convenient to give admin rights to lots of people, but it only creates more cyber attack targets.
Create a system and approval process for managing and granting access, so it is only given out to authorised individuals where it is really needed to perform a role.
It’s also good practice to keep on top of accounts and remove old or unnecessary ones.
Malware Protection
Malware is software designed to disrupt, damage, and gain unauthorised access to a computer network. A computer virus, for example, is malware.
Malware can make its way into your system in various ways – opening an unknown file on a USB stick, clicking a link in an unsolicited email, or using a compromised website.
To protect against it you need anti-malware software in place that can detect and disable malware before it can do any harm.
Any anti-malware software needs to be configured, reviewed, and updated to make sure it stays relevant.
You also need to create an application whitelist, which means only trustworthy software can be used.
Keep Software & Systems up to date
Patching is the process of applying updates to systems, software, and devices. This can happen automatically but sometimes needs extra management. You also need to keep track of which devices are supported.
At Start Tech we are passionate about getting your cyber hygiene up to scratch as soon as we start working with you. We then keep reviewing and updating it, so cyber attacks are never something that impacts your business.
Don’t fake it when it comes to getting the accreditation – work with a trusted company to get your Cyber Essentials. You are only putting yourself at risk by providing false information to gain certification. As an NCSC Assured Service Provider, we are who the NCSC would recommend you take cyber advice from, especially when it comes to Cyber Essentials. We have two certified Cyber Advisors on our team – Jordon and Matthew.
If you’d like to find out more about implementing Cyber Essentials, get in touch with the team.