You may have heard the term ‘Cyber Essentials’. We’re here to break down the jargon and tell you all about it.
What is Cyber Essentials?
Cyber Essentials is a certification that’s government-backed and industry-supported. It’s designed to help businesses adopt good practices and implement a simple set of security controls. This in turn helps protect business against online threats. The steps do not provide complete protection for your business, but are helpful to organisations as a first step.
Your business has to fund the Cyber Essentials certification and a renewal is needed each year. You can read more about why you should consider Cyber Essentials in our previous post.
What does Cyber Essentials involve?
The Cyber Essentials certification focuses on five main elements that are believed to be the minimum needed to adequately help to protect an organisation’s systems.
Security
Having a secure configuration is all about locking any ‘open doors’ that are not needed. This can be in regards to deleting accounts that are not in use, to uninstalling unused software.
Firewalls and Gateways
This section is about protection between company computers and the internet. It can range from securing your internet router with a strong password, to preventing your network from being exposed to the internet.
Access Control
This element focusses on your company’s procedures in regards to administration privileges. Ensuring your users don’t work in admin mode, making sure you know who has admin access and why, and using strong passwords are all controls that you’ll see featured in this section.
Patch Management
The patch management element considers your software; ensuring licences are up to date, software is supported and you’re regularly updating things.
Malware Protection
And finally, in order to help spot viruses so they can be removed before causing any damage, anti-virus software. This is required on all machines for Cyber Essentials and needs to be kept up to date.
It’s worth bearing in mind that while the Cyber Essentials certification provides good grounds for a business to start with, it does not include any user training. If training is implemented well, this can be a critical part in helping to enhance business security.
Should you need any further guidance on Cyber Essentials, don’t hesitate to reach out to our friendly team.