What Is Cyber Essentials And How Can It Benefit Your Business
The emergence of Cyber Essentials
Cyber-attacks are becoming all too commonplace in today's business world. The aftermath is losses of thousands and, in some cases, millions of pounds, as well as loss of productivity and economic disruption.
In 2012 the UK government saw the need for companies to take responsibility for their users' and clients' data security. In response, the Cyber Essentials scheme was launched and implemented in November 2013 to provide businesses with a world-leading assurance mechanism to demonstrate to their customers, stakeholders and users that the most important cybersecurity measures had been implemented and that their security and privacy were assured.
Certified companies would be awarded a Cyber Essentials badge, which communicated that they were taking the issue of data protection seriously, as well as authorising them to bid for government-based contracts.
Five Cyber Essentials Application Areas
The scheme helps businesses take basic steps to protect themselves from online threats and criminals. By measuring a company against the five key security controls, it gives a business the confidence that it is protected against many forms of common cyber-attack, while relaying this assurance to stakeholders and customers. The five key technical controls reviewed as part of the Cyber Essentials scheme include:
- Boundary firewalls and internet gateways
These are responsible for providing a buffer between your business's internal IT network and the internet.
Cyber Essentials certification requires that you “configure and use a firewall to protect all your devices particularly those that connect to public or other untrusted Wi-Fi networks.”
- Secure configuration
Ensuring that any default configurations (e.g. default passwords) are changed, password policies are integrated, and access is restricted or, in some cases, revoked to increase the level of security for that device or software.
Cyber Essentials Certification requires that “only necessary software, accounts and apps are used.”
- Access control
Restricting or revoking access to your software and systems to limit the potential damage that could be done if an account were to be misused or stolen. Staff should have just enough access to be able to fulfil their role.
Cyber Essentials Certification requires that you “control access to your data through user accounts, that administration privileges are only given to those that need them, and that what an administrator can do with those accounts is controlled”.
- Virus and malware protection
Every business should have anti-virus and anti-malware software installed on all their devices connected to the internet. This software should be monitored, kept up to date, offer whitelisting functionality as well as sandboxing to allow staff members to test files for potential damage.
Cyber Essentials Certification requires that you “implement at least one of the approaches listed above to defend against malware”.
- Patch management
Ensuring that all your devices are kept up to date with the latest software and firmware updates, as well as removing any devices that are running unsupported hardware or software such as Microsoft’s Windows XP.
Cyber Essentials Certification requires that you “keep your devices, software and apps up to date.”
Why Does Your Business Need Cyber Essentials?
- It provides you, as a business owner, with extra confidence that you are meeting the best practice standard for IT security as outlined by the National Cyber Security Centre.
- It will enhance your business's reputation and open up new commercial opportunities by proving to your potential clients that you take data security extremely seriously.
- If you are interested in applying for government-based contracts, you will need to be Cyber Essentials accredited.
- Secure the supply chain and be assured of regular inflow. This scheme helps prove your commitment to your suppliers' and customers’ data protection.
Only 1 in 4 companies that suffered a malicious data breach in the past year were well prepared for the attack. But being fully Cyber Essentials accredited reduces the risk of attacks such as malware infections, hacking and social engineering by up to 80%.