Cyber Essentials – A New Year’s Resolution

Have you made New Year’s Resolutions – how are they going? It would be great if you made a New Year’s Resolution for your organisation as well. We would suggest that Cyber Essentials certification should be at the top of the list.


The Cyber Essentials scheme was developed by the NCSC (National Cyber Security Centre) to show organisations how to protect themselves against cyber threats. These threats are, unfortunately, ever increasing.


The scheme lists five technical controls that organisations should have in place as follows:


  • Office firewalls and internet gateways – provide technical protection between your systems and the outside world.
  • Secure configuration – how your devices are set up.
  • Security Update Management – to ensure that your software is always up to date.
  • User and Administrative accounts – access is only given for what is needed to carry out the individual’s job.
  • Malware protection – to prevent your organisation being attacked.


The vast majority of cyber attacks use relatively simple methods which exploit basic vulnerabilities in software and computer systems. There are tools and techniques openly available on the Internet which enable even low-skill actors to exploit these vulnerabilities. Properly implementing the Cyber Essentials scheme will protect against the vast majority of common internet threats. 


This simple yet effective scheme will help protect your organisation against some of the most common cyber threats, such as:


  • Phishing attacks.
  • Malware.
  • Ransomware.
  • Password guessing.
  • Network attacks.


Cyber Essentials certification reassures your current and potential clients that you take cyber security seriously. It is also becoming mandated, or actively encouraged, across an increasing number of government and private sector contracts. For MoD contracts, it is required throughout the supply chain.


The ICO (Information Commissioner’s Office) recognises the Cyber Essentials scheme and its ability to provide certain security assurances and help protect personal data in an organisation’s IT system.  ‘Get in line with Cyber Essentials’ is a section in the ICO’s ‘A practical guide to IT security’ publication.


The Cyber Essentials scheme is also encouraged by regulators such as the Financial Conduct Authority: ‘Gaining (a certification), such as Cyber Essentials, could improve the security of your firm.’


Cyber Liability Insurance is included for organisations with a turnover under £20m that achieve verified self-assessed certification covering the whole of their organisation.


All in all, a great New Year’s Resolution for your organisation!