Get in line with Cyber Essentials

Cyber Essentials is a security certification scheme that is backed by the UK Government.  It provides organisations with a baseline for their cyber security and it is claimed that, once implemented, will thwart around 80% of cyber attacks.

It is also beneficial to get certified as it helps organisations to address the regulatory compliance commitments for GDPR (General Data Protection Regulations).

The Cyber Essentials scheme describes the following five key controls for keeping Information secure. Obtaining a Cyber Essentials certificate can provide certain security assurances and help protect personal data in your IT systems.

 

Firewalls and Internet Gateways

This is first line of defence against cyber attacks. A well-configured firewall can stop breaches happening before they penetrate deep into your network. An internet gateway can prevent users within your organisation accessing websites or other online services that present a threat or that you do not trust.

 

Secure Configuration

Configure all hardware and software carefully to provide the most effective protection. Remove unused software and services from your devices to reduce the number of potential vulnerabilities. Review the vulnerability databases that are available online to identify any known vulnerabilities in the software you do run. Change all default passwords used by hardware or software and always use strong passwords.

 

Access Control

Restrict system access to users and sources that you trust. Each user must have and use their own username and password. Each user should use an account that has permissions appropriate to the job they need to carrying.

 

Malware protection

Make sure you have anti-virus or anti-malware products regularly scanning your network to prevent or detect threats. It is important these products are kept up-to-date and are correctly monitoring the desired files. Act upon any alerts issued by the malware protection immediately.

 

Patch Management and Software Updates

Keep your software up-to-date by checking regularly for updates.  If they are found, apply them. Most software can be set to update automatically. If your system is a few years old, you should review the protection you have in place to make sure that it is still adequate.


Antony 11 Jul 2017