0800 082 2420 email
0800 082 2420 email

Blog

Latest news and more from Evaporate

Jack

Managing Director

close
0800 082 2420

What Is Cyber Essentials And How Can It Benefit Your Business

Posted 15th May 2018

The emergence of Cyber Essentials

Cyber-attacks are becoming an all too common place in todays business world. The aftermath of this being losses of thousands and in some cases millions of pounds, loss of productivity as well as economic disruption.

In 2012 the UK government saw the need for companies to take responsibility for their users and clients data security. This is where the Cyber Essentials scheme was launched and implemented in November 2013 to provide businesses with a world-leading assurance mechanism to demonstrate to their customers, stakeholders and users that the most important cybersecurity mesaures had been implemented and that their security and privacy was assured.

Certified companies would get awarded with a Cyber Essentials badge which communicated that they are taking the issue of data protection seriously, as well as authorising them to bid for government based contracts.

 

Five Cyber Essentials Application Areas

The scheme aides’ businesses to take basic steps in protecting themselves from online threats and criminals. Measuring up a company against the five key security controls – it gives a business the confidence that they are protected against many forms of common cyber-attacks while relaying this assurance to stakeholders and customers. The five key technical controls reviewed as part of the Cyber Essentials scheme include:

 

Responsible for providing a buffer between your businesses internal IT network and the internet.

 

Cyber Essentials certification requires that you “configure and user a firewall to protect all your devices paticuarly those that connect to public or other untrused Wi-Fi networks.”

 

Ensuring that any form of default configurations (e.g. default passwords) are changed, password policies are integrated and access is restricted or in some cases revoked to increase the level of security for that device or software.

 

Cyber Essentials Certification requires that “only necessary software, accounts and apps are used.”

 

Restricting or revoking access to your software and systems to limit the potential damage that could be done if an account was to be misused or stolen. Staff access should have just enough access for them to be able to fulfull their role.

 

Cyber Essentials Certification requires that you “control access to your data through user accounts, that administration privileges are only given to those that need them, and that what an administrator can do with those accounts is controlled”.

 

Every business should have anti-virus and anti-malware software installed on all their devices connected to the internet. This software should be monitored, kept up to date, offer whitelisting functionality as well as sandboxing to allow staff members to test files for potential damage.

 

Cyber Essentials Certification requires that you “implement at least one of the approaches listed above to defend against malware”.

 

Ensuring that all your devices are kept up to date with the latest software and firmware updates as well as removing any devices that are running non supported hardware or software such as Microsoft’s Windows XP.

 

Cyber Essentials Certification requires that you “keep your devices, software and apps up to date.”

 

Why Does Your Business Need Cyber Essentials?

 

Only 1 in 4 companies that suffered a malicious data breach in the past year were well prepared for the attack. But being fully Cyber Essentials accredited reduces the risk of being prone to attacks such as malware infections, hacking and social engineering by upto 80%.