Cyber Essentials is a government-backed scheme providing cybersecurity certification. The scheme sets out five focus areas where up to 80% of cyber-attacks can be nipped in the bud. If you’re keen to show your customers, investors, and insurers that you have taken essential preventative measures against cyber-attack, then Cyber Essentials is for you.
Five key Cyber Essentials measures you should take:
- Operate with a secure systems configuration – A well-configured network will not only help you protect your system from certain vulnerabilities, but also help you properly understand how you use your IT resources. This in turn will help you to identify systems and databases that are no longer used or required. Ensuring your setup is configured securely will also help you reduce your overall storage and bandwidth consumption, so it’s a win for you either way.
Examples of activities that promote a well-configured system:
- Not using default passwords
- Not leaving unnecessary software installed on your network
- Operating a consistent software installation process
- Managing file and directory permissions carefully
- Minimising the use of auto-run features not requiring administrator consent
- Installing personal firewalls on all devices
- Documenting your network configuration
- Implement boundary firewalls and internet gateways – When a user connects to the internet, firewalls and gateways provide a basic level of protection against cyber-attack. Firewalls also monitor activity and enable you to identify and block unwanted traffic that could be harmful to your system.
Examples of activities that help your firewalls work hard for you:
- Not using default administrator passwords
- Configuring your firewall rules correctly
- Training staff to only go onto trusted websites
- Restricting inbound and outbound traffic to authorised connections only
- Manage access control and administrative privileges – Managing access and permissions carefully helps to stop malicious intrusion. Even at a lower level it benefits your business, because it reduces the opportunity staff have to download time-wasting software and apps. Insider attack is a serious threat, though, so assigning administrator access only to authorised individuals is key.
Examples of activities that create a successful access control policy:
- Ensuring you have a documented user account management process and system
- Not using administrator accounts for non-administrator activities
- Preventing unauthorised accounts from having special access to applications and the network
- Enforcing unique usernames and a strong password strategy
- Enforcing the change of passwords on a regular basis
- Keep patches up to date – Once a software vulnerability has been made public on the internet, hackers will jump on it. It’s critical, therefore, that you apply software patches whenever they’re issued. However, software developers often issue patches to improve performance of their applications as well as improve security, so it’s of benefit to your business in more than one way to ensure you are applying patches on a regular basis.
Examples of activities that will improve the effectiveness of your patch process:
- Not using unlicensed and unsupported software
- Installing updates and patches when they are released
- Removing unsupported software from your network
- Implement appropriate malware protection – Firewalls don’t protect against malicious content on websites, so anti-malware protection is needed. Anything from the expected ‘adult’ sites to simple blogs can be a threat, so a strong anti-malware policy is required.
Examples of activities that improve your chances of avoiding malware:
- Installing anti-malware software on devices as well as your network
- Using anti-malware software that automatically updates and scans regularly
- Ensuring your anti-malware software blacklists websites
If you’d like to understand more about how Cyber Essentials can help your business, please give us a call. We’d be delighted to talk about it in more detail with you.