CYBER ESSENTIALS EXPLAINED: PROTECT YOUR BUSINESS AGAINST CYBER ATTACKS
Cyber attacks come in many forms, but the majority are very basic in nature, carried out by relatively unskilled individuals. In 2016, 60% of small businesses in the UK suffered a cyber attack or breach.
In 2014, the government launched Cyber Essentials, a simple but effective scheme to help all organisations protect themselves against common cyber attacks.
As an industry-backed scheme, Cyber Essentials sets five basic technical controls for organisations to use. When implemented correctly, they can prevent around 80% of cyber attacks.
Cyber Essentials Technical Controls
1. Use a firewall to secure your internet connection
Protecting your internet connection with a firewall provides you with a basic level of protection. This effectively creates a ‘buffer zone’ between your IT network and external networks. All incoming traffic can be monitored and blocked if deemed harmful. If your firewalls are weak or not kept up to date, your business can be left vulnerable.
Cyber Essentials Certification requires that you configure and use a firewall to protect all your devices, particularly those that connect to public or other untrusted wi-fi networks.
There are two types of firewall:
- Personal firewall: on your internet-connected laptop (normally included within your operating system at no extra charge).
- Boundary firewall: if you have many different types of devices, it places a protective buffer around your network as a whole.
2. Choose the most secure settings for your devices and software
When deploying software and devices, you need to ensure that systems are properly configured and that security measures are in place.
Manufacturers often set the default passwords on new software and devices to standard values (e.g. ‘admin’ and ‘password’). Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data.
- Check the settings of new software and devices
- Remove any functions, accounts or services which you do not require
- Change all default passwords before devices are distributed and used
- Use two-factor authentication (2FA) such as a code sent to your phone which you must enter in addition to your password
3. Control who has access to your data and services
Employees of an organisation are the biggest threat with regard to cyber security. To minimise the potential damage if an account is misused or stolen, ensure employees have access at the appropriate level.
Cyber Essentials Certification requires that you control access to your data through user accounts, that administration privileges are only given to those that need them, and that what an administrator can do with those accounts is controlled.
- Have a user account management system in place which manages employee privileges (i.e. administrative vs standard accounts)
4. Protect yourself from viruses and other malware
Malware (short for ‘malicious software’) and viruses (a form of malware) are designed to disrupt, damage, or gain unauthorised access to a computer system. A user may simply open an infected email attachment, browse a malicious website, or use a removable storage drive, such as a USB memory stick, which is carrying malware.
For Cyber Essentials Certification, businesses are required to implement at least one of the following to defend against malware:
- Enable anti-malware measures: often included for free within popular operating systems for all computers and laptops. Smartphones and tablets should be kept up to date and password protected, should avoid connecting to unknown wi-fi networks, and should have the ability to track and erase lost devices.
- Whitelisting: an administrator creates a list of applications allowed on a device, which prevents users installing and running applications that may contain malware.
- Sandboxing: use versions of an application that support ‘sandboxing’, where the application is run in an isolated environment with very restricted access to the rest of your device and network, and beyond the reach of malware.
5. Keep your devices and software up to date (patch management)
It’s important to keep all of the devices, operating systems, installed apps and software on your systems up to date. Manufacturers and developers release regular updates to fix any security vulnerabilities discovered, and applying these updates or ‘patching’ is one of the most important things you can do to secure your systems.
- Operating systems, programmes, phones and apps should be set to automatically update
- When a manufacturer no longer supports your hardware or software, you should consider a modern replacement
To see how your business measures up, check out our Cyber Essentials Checklist.
Once an organisation is fully compliant they receive a Cyber Essentials certificate to indicate to customers and stakeholders that they have safety measures in place. There are two levels of certification available:
Cyber Essentials: this option gives you protection against a wide variety of cyber attacks that target enterprise-level and corporate IT systems. It involves a self-assessment questionnaire and an external vulnerability scan and will show you how to address the basics and prevent the most common attacks.
From £300 approx (+VAT)
- Reassure customers that you are working to secure your IT against cyber attack
- Attract new business with the promise you have cyber security measures in place
- You have a clear picture of your organisation's cyber security level
- Some Government contracts require Cyber Essentials certification
Cyber Essentials Plus: recommended for businesses that want to demonstrate a higher level of security assurance. This includes all of the Cyber Essentials assessments, plus an additional internal scan and an on-site assessment.
- Includes all of the benefits of Cyber Essentials PLUS your cyber security is verified by independent experts
No matter which option you choose, Cubit Technology can help guide you on how best to protect your business. We can help you identify vulnerabilities by assessing how your business currently measures up against the five technical controls. We’ll also help you set up security measures in order for your business to easily comply with Cyber Essentials Certification.
For more information on how Cubit can help your business with Cyber Security and Cyber Essentials Certification, contact us to have a chat.