The UK Government has developed a scheme to help organisations identify the controls they should implement to mitigate the risks from common Internet threats. The scheme, called Cyber Essentials, offers basic measures that any type or size of business can implement.
The Cyber Essentials Scheme does not address more advanced cyber threats, but it does provide a set of controls which, when implemented across a company’s IT system, give basic protection from common Internet threats.
Companies can additionally sign up to the Assurance Framework. However, implementing the Cyber Essentials controls noted below, even without the Assurance Framework, is a good start towards ensuring your business is protected.
For more information about the Cyber Essentials Scheme you can visit: https://www.cyberaware.gov.uk/cyberessentials/
What Does Cyber Essentials Cover?
The following areas of control are included within Cyber Essentials:
Firewalls and Internet gateways:
One or more firewalls should be installed with strong admin passwords; unapproved services or those vulnerable to attack should be disabled at the boundary firewall by default; firewall rules no longer required should be disabled; the admin interface should not be accessible from the Internet.
Secure configuration:
Unnecessary user accounts should be removed or disabled; user passwords should be strong; unnecessary software should be removed or disabled; the auto-run feature should be disabled; personal firewalls should be enabled.
User access control:
All user account creation should be subject to an approval process; special access privileges should be restricted to a limited number, with details kept in a secure location; admin accounts should only be used to perform legitimate admin activities; users should authenticate using a unique username and strong password; user accounts should be disabled when no longer required.
Malware protection:
Malware protection software should be installed on all computers, kept up to date, and configured to scan files automatically upon access and to prevent connection to malicious websites.
Patch management:
Software on computers and network devices should be licensed and supported to ensure security patches are made available; updates to software should be installed in a timely manner; out-of-date software should be removed.
The Cyber Essentials Assurance Framework
If required by an organisation, two levels of certification are available at an additional cost:
Cyber Essentials:
Companies undertake a self-assessment of their implementation of the Cyber Essentials controls, which is then verified by an independent Certification Body.
Cyber Essentials Plus:
This involves external testing of your cyber security approach through an independent verification process.
Following successful completion, a certificate will be awarded and you can display either the Cyber Essentials or Cyber Essentials Plus logo.
MBM can help you identify the IT systems that may be at risk from common Internet-based threats.
MBM can help you complete the self-assessment questionnaire as we understand the technical IT information and terminology. And if we already manage your IT network, we already know the answers!
MBM can help you implement actions against the controls noted above to ensure you have basic cyber security protection for your business.
If you’d like to find out more about Cyber Essentials and how your business could benefit from implementing some IT security measures, call one of our friendly MBM team on 01902 32 44 94 or email firstname.lastname@example.org