Why should you consider a Cyber Essentials accreditation?

Electronic Business Systems Ltd (EBS)

Cyber Essentials is a government-endorsed scheme to help organisations protect themselves against cyber threats. EBS is proud to announce that we have received Cyber Essentials Plus accreditation and we would encourage you to consider this too.

Cyber-attacks vary in approach, but 95% begin with an email. They are the digital equivalent of a thief trying your front door to see if it is unlocked.

Why should you consider becoming accredited?

  • Reassure your customers that you are working to secure your IT against cyber-attack.
  • Attract new business with the promise you have cyber security measures in place.
  • Gain a clear picture of your organisation’s cyber security level.
  • Some government contracts require Cyber Essentials certification.

There are two levels of certification:

Cyber Essentials

This is a self-assessment option that checks your protection against a wide variety of the most common cyber-attacks. Without protection against even the most basic threats your business can become a target for more vicious attacks.

Certification should reassure you that your defences will stand up against most common cyber-attacks; Cyber Essentials shows you how to address the basics.

Cyber Essentials Plus

Cyber Essentials Plus includes a technical verification of the Cyber Essentials you have in place. You will likely need to work with a Cyber Essentials consultant to ensure that all details and documentation are completed, but you should start with the basic Cyber Essentials certification first.

What are the Controls of the Cyber Essentials Scheme?

There are 5 main security controls:

Firewalls & Internet Gateways

All of your internet-connected devices should be protected by a firewall: a barrier that protects your system and devices from incoming threats. Firewalls check incoming web traffic from outside your network and decide whether to allow it through. This is even more critical with many of us working from home in the current pandemic.

It is important to make sure that not only computers are protected, but all devices, such as smartphones. If you are connecting to the Internet outside your office, where security levels are not known, for example over public Wi-Fi, the firewall should be configured to take this into account.

Secure Configuration

You need to ensure the best security settings on your devices and software. Attention should be given to all applications on your devices, especially ones that are possibly never used. These applications are likely to have standard logins and passwords – fodder for cyber criminals. If applications are not required, they should be removed.

Applications that you need and use should always have strong, unique passwords. Make sure they are not easily guessable, e.g. not ‘password’.

In addition to passwords, we recommend further levels of security such as a PIN or fingerprint ID. Where possible, multi-factor authentication (MFA) is recommended. MFA sends an additional verification request to a device such as a mobile phone; once this is verified, access to the relevant application is granted.

User Access Control

Ensure that only authorised persons have access, and only to those applications required to perform their tasks. This will reduce potential threats by minimising what can be accessed by an attacker.

Access will need to be customised from one user to the next. Only administrators should have access to system settings and configurations. You may be surprised how many users have administrative privileges when they do not need them. All passwords and permissions should be reset, and a company-wide protocol introduced.

Activities should also be restricted since Internet browsing could leave an account vulnerable to intrusion, even for an administrator. Attackers could have access to everything the administrator does, providing an open door to everything on your network.

Only approved sites should be used for downloads, which should ensure the required security standards are met, with no malware attached.

Malware Protection

Most of you will have reputable anti-virus software, including EBS’ managed anti-virus solutions. This is only one element of what is required to achieve Cyber Essentials.

In addition to software, there is an element of self and staff education on how viruses and malware get onto your systems. For instance:

  • Don’t download email attachments from senders you do not know, or from senders you do know if the email looks suspicious.
  • Don’t plug in removable storage devices if you don’t know their origin.
  • Don’t visit dodgy websites. But how do you know if a website is secure? The address will usually start with ‘https’ – the ‘s’ indicates it has an SSL certificate, meaning any sensitive information you input is protected in transit. Look for proper contact information and a privacy policy. But common sense will usually prevail – watch out for pop-up offers etc.

Patch Management

Cyber Essentials certification requires that you keep your devices and software up to date. Software authors regularly issue patches and security updates.

Additionally, if you are running unsupported operating systems (such as Windows XP or Windows 7) on your PCs or servers, you will not gain Cyber Essentials accreditation.

Pending updates should not be ignored. Updates may add new features, but they also close gaps found in security that could be exploited.

EBS offers a managed patch management solution, taking the stress away from ensuring your applications are kept up to date.

Whether you wish to go down the path of Cyber Essentials or Cyber Essentials Plus accreditation, the fact remains that the above five security controls need to be in place to ensure that you are protected against cyber-attack, in whatever form that may take.

It really is no longer enough to think that you can rely on anti-virus software alone.

EBS can provide consultancy to help you achieve Cyber Essentials.

Ask yourself these 5 questions:

  • Do you have a next-gen Firewall such as a SonicWall?
  • Do you have good password and security protocols in place?
  • Who has admin passwords for your systems and software?
  • What anti-virus and mail filtering do you have in place e.g. EBS managed AV and Mimecast?
  • Are all your software and operating systems up to date?

If your answer to any of the above is “No”, speak to us for further advice.

Chamber members receive a 10% discount off their first order.

Contact info@e-b-s.co.uk or call 0121 384 2513