There are lots of initiatives that businesses can take to improve their cyber security defences. One of the main incentives for UK businesses is the government-backed Cyber Essentials Scheme.
What is the Cyber Essentials scheme?
Due to the increased number of cyber attacks, the negative impact on individual businesses and the economy, and consequently the need to ensure that good practices in information security take place, the UK government Department for Business, Innovation and skills, introduced the government-endorsed Cyber Essentials scheme.
Cyber Essentials was developed in 2014 in collaboration with the Information Security Forum, the Information Assurance for Small and Medium Enterprise Consortium, and the British Standards Institution. Due to the significant rise in these attacks in the last few years, especially for SMEs, security is now more vital than ever.
The scheme was introduced to protect data by providing a security framework, ensuring companies follow a basic level of due diligence on how data is accessed and secured to avoid it being compromised.
It covers a set of five basic controls which have been designed to ensure businesses keep their data secure. These are:
- Access control
- Secure configuration
- Patch management
- Malware protection
- Internet gateways and boundary firewalls
What are the benefits of the Cyber Essentials certification?
The benefits a certification brings includes improved protection against 80% of the most common cyber attacks. Some of the additional advantages include:
- Trust and confidence – companies that have the Cyber Essentials trust badge are showing their compliance and dedication to cyber security, this aims to build trust and confidence amongst customers, suppliers, investors, and other partners
- Secure partnerships – it is also a useful standard for companies to check for when working with potential partners when data is involved
- Reassurance – Cyber Essentials can reassure customers that you are working to secure your IT systems against cyber attacks, which can help you attract new business
- Free insurance – businesses that comply may be eligible for free cyber insurance cover up to £25,000 and it may also reduce other business insurance costs.
What are the latest updates to the Cyber Essentials scheme?
In early 2022, several updates were applied to the Cyber Essentials scheme to bring it into line with the changes in cyber security protocols and keep pace with the changing world of work.
As more businesses turn to cloud computing and many workforces now work remotely (at least some of the time), the scheme was updated to reflect these changes with the following initiatives.
Home working devices
One of the biggest changes to working environments is the speed at which many businesses have transitioned to remote or hybrid working, accelerated by the Covid-19 pandemic. To maintain compliance, all devices (including laptops, tablets, and smartphones) that are used for home-based working must be secured via the necessary firewall guidelines and other security measures.
Multi-factor authentication
To comply with the Cyber Essentials accreditation, businesses must now implement multi-factor authentication (MFA), which provides an additional layer of protection beyond passwords and greatly reduces the chances of an unknown or unwanted user accessing a network.
Endpoint devices
Under the initial scheme, businesses only needed to have their server systems certified as part of the assessment. However, the 2022 update means that it’s now compulsory for all endpoint devices to also be secured to prevent vulnerabilities across the network.
Software updates
The latest Cyber Essentials update recommends that newly released and high or critical-risk software updates are applied within 14 days of release. Automatic updates should also be enabled for critical software, with the software on devices no longer in use being uninstalled. Finally, all software must be fully licensed and purchased directly from the developer.
Account separation
Staff are encouraged to have separate accounts for work and social use to reduce the risk of the business’s network being compromised. This means that non-work activities such as browsing social media or surfing the web should be done using a separate account from the one used for work.
How can you become Cyber Essentials certified?
Cyber Essentials is a self-assessment scheme that can be completed remotely. However, to ensure full compliance and to maintain compliance we recommend that you work with your IT department or outsourced IT support company who will be able to carefully and effectively guide you through the process.
Some organisations (particularly the Government and public sector) will require Cyber Essentials Plus accreditation for you to transact business with them. This is the same as Cyber Essentials but with the addition of a detailed third-party security assessment.
Everything Tech is an IT support provider with the Cyber Essentials badge, and we have worked with a number of our customers to help them achieve Cyber Essentials accreditation. If you want to find out more about the scheme contact us today.
