The five essential controls of cyber security

Cyber breaches are on the rise, and many organisations are failing to ensure that their basic cyber security is performing as it should. Holes in security could leave your business vulnerable to attack, so the time to act is now.

The good news is that it is possible to mitigate 80% of cyber threats simply by ensuring basic cyber security elements are operating correctly. By doing so, your organisation will be better protected and will be a more difficult target for unsophisticated hackers. Even with limited budget and knowledge, implementing best practices can have a significant impact on your business’ cyber security. The Cyber Essentials scheme helps organisations protect themselves from the growing threat of cyber-attacks. Organisations that gain Cyber Essentials certification can demonstrate that they are trustworthy and committed to cyber security.

There are five technical controls that the Cyber Essentials certification evaluates. These are key areas for businesses to consider for effective cyber security:

  • Firewalls – A firewall is a network security device that monitors incoming and outgoing network traffic, and either permits or blocks data based on set security rules. Its purpose is to create a barrier between your internal network and incoming traffic from external sources, such as the internet, to block malicious traffic like viruses and hackers.
  • Secure configuration – When installing computers and network devices, a secure configuration is vital in order to reduce unnecessary cyber vulnerabilities and ensure that devices only perform the actions they are configured to do. Incorrectly configured devices are one of the most common areas that criminal hackers exploit.
  • User access control – User accounts should be assigned to each individual with appropriate limits set to determine their access to applications, computers, and networks. Failure to implement effective user access controls may expose your applications, computers and networks to risk. Hackers can take advantage of uncontrolled administrative privileges, using them to gain access to desktops, laptops and servers. User access controls that have not been configured correctly may also lead to employees unknowingly accessing and misusing data they shouldn’t be authorised to see.
  • Malware protection – Anti-malware is a software program created to protect IT systems and individual computers from malicious software. It restricts the execution of known malware and untrusted software, to prevent malicious code from tampering with system settings or contents, which can cause damage or compromise sensitive data. Malware normally comes in the form of malicious code concealed in computer systems and is often installed without the knowledge or consent of the computer's owner. Malware spreads by email, operating systems (OSes), removable media or the internet. Common examples of malware include viruses, spyware, worms, rootkits and Trojan horses.
  • Security update management – By ensuring all devices and software are up to date, you are making them less vulnerable to known security issues for which fixes are available. Updates can be configured to install automatically, which removes the risk of employees not installing pending updates.

Cyber security is vital for businesses, with Government contracts often requiring Cyber Essentials certification, while MoD projects and Local Authorities also request a minimum of Cyber Essentials Plus. By gaining Cyber Essentials certification, your organisation can demonstrate commitment to cyber security, which will help suppliers and clients feel more confident in sharing sensitive data and personal information.

Taking a further step on this journey, Cyber Essentials Plus certification includes an assessment, ongoing support and expert advice, and certification to signal a clear dedication to cyber security.

MASS consultants are Cyber Essentials and Cyber Essentials Plus certification body approved.

Speak to one of our cyber security consultants now for expert advice on ensuring your controls are in line with the Cyber Essentials scheme, and protecting your business from cyber-attack.
