Have you heard of the Cyber Essentials Scheme? Would you like to learn more about this scheme and how to pass your Cyber Essentials? Then read on!
In this article, we’ve included information on the Cyber Essentials Scheme and how you can pass your company’s Cyber Essentials!
What is the Cyber Essentials Scheme?
The Cyber Essentials Scheme backed by the Government helps businesses learn how to protect themselves against cyber threats. The scheme also offers a clear statement of basic controls that you and other businesses can have in place to protect yourself from the growing threat of cybercrimes.
The scheme is to ensure the Internet is safe for businesses and organisations across a wide range of sectors. The scheme was developed and is managed by the National Cyber Security Centre (NCSC) and is considered the first step to creating a more secure network. The Cyber Essentials Scheme can protect your company from 80% of the most common security breaches you may encounter.
In addition, Cyber Essentials certification shows that a company can be trusted and is secure in regard to cyber security. Becoming Cyber Essentials certified can help a business learn how to protect its digital assets and personal data. It also ensures those wanting to work with Government supply chain contracts meet the mandatory certification requirements to make bids on projects.
Steps to Pass Your Cyber Essentials
- Understand the Threat to Your Business
The first place to start is to recognise the type of cyber security threats your company faces. This is where many businesses fail. They don’t have a basic understanding of what cybersecurity threats are or how to keep criminal hackers out.
Cyber security is the basic foundation for keeping your business secure and safe from cybercriminals. Without the right protections in place, your company faces many threats and security breaches. All it takes is one cyber attack to make you a believer. You won’t want to go through that experience again. However, there’s a high chance that your business could be hit again if the right measures aren’t in place.
In the past two years, cyber-attacks have gone up about 400%. If that doesn’t scare you, then we’re not sure what will! This statistic shows how important cyber security is for every business, whether you’re a freelancer or a multinational organisation.
Learn to Understand the Technical Controls of Cyber Essentials
Technical controls are put in place to keep your business secure. They’re included in computer hardware, software, firmware, and more, including the following:
Access control provides the ability to control who can access specific data within your business. Each individual employee can be set up with their own accounts. Each account has its own access controls over what data the employee can access. Access controls are usually set up according to employee roles.
Here are some of the most crucial access rules to follow in Access Control:
- All user accounts should be personal and should not be allowed to have access to one another’s accounts.
- Approval from owners and directors is necessary when deciding who holds the power of an administrative account.
- No devices can be guaranteed access without entering a username and password.
- If an employee leaves the company, they should no longer have access to their accounts and systems.
- Administrator accounts are only used when absolutely necessary (for instance, installing software).
- All user accounts must enable multi-factor authentication.
- The list of employees with administrator accounts needs to be regularly reviewed. This is because some roles may have changed over time.
Firewalls & Internet Gateways
A firewall is software that offers protection between external systems and internal systems used by the company. The firewall keeps out anything harmful to your company’s security and keeps the process from happening.
Firewalls should be set with the following rules:
- Employees working remotely should have a firewall installed to keep data secure when accessed on their home Internet.
- A firewall password should have 16 digit characters for increased security.
- Firewalls should be enabled for all company devices.
New work devices or personal devices may not be set up to meet security requirements at work. Some devices, for instance, may include third-party apps and software that are not secure.
So, your company should use the following Device Configuration rules:
- Remove or disable pre-installed apps and systems that are not needed.
- Change all default passwords for accounts; re-enter stronger passwords in their place.
- Ensure that each password is not guessable. It’s possible to do this by using a secure password from an app such as LastPass or making an 8-character long password (or longer). All passwords should include upper case, lower case, and special characters.
- Keep the number of unsuccessful login attempts to no more than 10 within 5 minutes. This makes it more difficult for anyone to compromise an employee account through successive tries at guessing the password.
- Disable all auto-downloads and auto-runs on all systems.
Another way to pass your Cyber Essentials is to ensure your software always stays up-to-date with the latest patches. This is a great way to keep your business safe from cyber security risks.
Follow these rules for Patch Management:
- Make sure all operating systems and apps are supported by a supplier who produces regular fixes for security problems.
- Use only licensed software.
- Review all security updates that are released and have them installed as soon as possible.
- Remove all unsupported apps from devices when they’re no longer supported by the developer.
Malware is often used by cybercriminals to damage or retrieve company data. In addition, malware may be used along with other types of attacks such as phishing.
Follow these rules to follow Malware Protection:
- Install anti-malware software.
- Install the software and keep it updated regularly.
- Anti-malware software needs to have a plugin to prevent you or other employees from accessing malicious websites that pose a security risk.
- Restrict users from installing unsigned applications or those that have not been approved by the company.
- Creating a list of approved apps, so everyone in business knows the apps that are safe and those to avoid.
Conduct Regular Security Checks
Finally, ensure that all company devices and software stay safe and up-to-date. Do this by reviewing the cybersecurity measures you follow and tracking those that may need updates.
Regular security checks are needed to:
- Review all devices and software and when they were last updated.
- Review the types of devices being used by your business.
- Ensure all software and devices are configured properly.
Summing It Up
By following these steps and rules, your organisation has a very good chance of reducing security threats and obtaining Cyber Essentials certification!
23rd February 2024
16th February 2024
9th February 2024