IT Security couldn’t be more important in 2022. With new threats appearing from Russia and China and recent vulnerabilities in popular logging system Log4j, a security threat can jump out from just about anywhere – but we’re here to help.
66% percent of organisations in the UK experienced a phishing attack in 2020 (proofpoint.com), so now is the prime time to invest into your business and fortify your cyber defence strategy. The first step in fortifying your IT Security is making sure your business is Cyber Essentials Plus compliant.
Getting Cyber Essentials certified is becoming increasingly important this year and it won’t be long until insurance companies and prospective clients will be asking you to provide your Cyber Essentials certificate before agreeing to work with your business. Additionally, if you want to work with or receive a grant from the government, you must provide a Cyber Essentials certification. There are two levels of certification; Standard Cyber Essentials which simply involves a tick box exercise that anyone in your organisation can complete and Cyber Essentials Plus that requires an independent review by an external auditor who is experienced in cyber security.
Cyber Essentials Checklist: A Breakdown
As stated on the Cyber Essentials webpage “you’ll need to provide evidence against 5 technical controls”. They are as follows:
- Secure configuration
- User access control
- Malware protection
- Security update management
It is important that your IT Provider is able to provide support for all 5 of these key areas; both of our IT Support Core & IT Support Complete packages will assist you in obtaining your Cyber Essentials certification. To better understand each part of the framework, read on for a breakdown on what each control means.
What it says on the tin! Firewalls are designed to stop encrypted threats, phishing attacks, and block ransomware at your network edge. Our Firewall solutions are made to measure and deliver enterprise-grade security and visibility.
This technical control sets out standards regarding admin controls on your network & effective password management. When a new device comes out of the factory, it’s default settings will not be the most secure for your business, and will need to be configured to establish security controls such as admin accounts & installation of security software. Regular detailed Network and Security assessments are included in both of our IT packages to ensure that your all of your endpoints are securely configured.
User Access Control
This refers to the permissions your organisation gives to different user levels, for example a decision maker in your business is likely to have access to more data and systems than a typical end-user. Additionally, administrative accounts will have certain privileges such as the ability to install software or change passwords on your network.
It is important that proper authentication methods are used when these accounts are implemented, such as password-management software & multi-factor authentication to ensure that your user accounts aren’t compromised by cyber criminals.
Malware comes in many forms, including computer viruses, worms and spyware. It is important that your IT provider performs regular anti-malware scans and can offer both DNS Protection (Web Protection) as well as Endpoint Protection (Antivirus), as this is key in achieving your Cyber Essentials accreditation.
As stated in the Cyber Essentials requirements “Potential sources of malware infection include malicious email attachments, downloads (including those from application stores), and direct installation of unauthorised software”. This also highlights the importance of End User Cyber Security Training which will make your team aware of the potential risks when downloading or opening files that they are unsure of. We think it is so important that we offer our own bespoke End User Cyber Security Training, tailored to keep your team vigilant when it comes to It security.
Security Update Management
Software updates and are important to your computer’s cyber hygiene, as it maintains the latest version of your software and prevents security vulnerabilities. The Cyber Essentials framework outlines that all of your applications must fully licensed and supported by your operating system, and updated within 14 days of an update release. We ensure updates are made in time with automated patch management and deployment across Microsoft and other major brands – all whilst giving you peace of mind that your endpoints are up-to-date and therefore secure.
I don’t have a Cyber Essentials certification for my business, what are the next steps?
If you don’t have some or any of the above security controls implemented in your business, we are happy to guide you through becoming Cyber Essentials Certified. Feel free to get in contact using the form below!