Electronic Business Systems Ltd (EBS)
Cyber Essentials is a government-endorsed scheme to help organisations protect themselves against cyber threats. EBS is proud to announce that we have received Cyber Essentials Plus accreditation, and we would encourage you to consider this too.
Cyber-attacks vary in approach, but 95% begin with an email; they are the digital equivalent of a thief trying your front door to see if it is unlocked.
Why should you consider becoming accredited?
There are two levels of certification:
Cyber Essentials
This is a self-assessment option that checks your protection against a wide variety of the most common cyber-attacks. Without protection against even the most basic threats, your business can become a target for more vicious attacks.
Certification should reassure you that your defences will stand up against most common cyber-attacks; Cyber Essentials shows you how to address the basics.
Cyber Essentials Plus
Cyber Essentials Plus includes a technical verification of the Cyber Essentials you have in place. You will likely need to work with a Cyber Essentials consultant to ensure that all details and documentation are completed. But you should start with the basic Cyber Essentials certification first.
What are the Controls of the Cyber Essentials Scheme?
There are 5 main security controls:
Firewalls & Internet Gateways
All of your internet-connected devices should be protected by a firewall: a barrier that protects your system and devices from incoming threats. Firewalls check incoming web traffic from outside your network and decide whether to allow it through. This is even more critical with many of us working from home in the current pandemic.
It is important to make sure that not only computers are protected, but all devices, such as smartphones. If you are connecting to the Internet outside your office, where security levels are not known, i.e. over public Wi-Fi, the firewall should be configured to take this into account.
Secure Configuration
You need to ensure the best security settings on your devices and software. Attention should be given to all applications on your devices, especially ones that are possibly never used. These applications are likely to have standard logins and passwords – fodder for cyber criminals. If applications are not required, they should be removed.
Applications that you need and use should always have strong, unique passwords; make sure they are not easily guessable, e.g. not ‘password’.
In addition to passwords, we recommend additional levels of security such as a PIN or fingerprint ID. Where possible, multi-factor authentication (MFA) is recommended. MFA sends additional verification requests to a device such as a mobile phone and, once these are verified, access to the relevant application is granted.
User Access Control
Ensure that only authorised persons have access to those applications required to perform their tasks. This will reduce potential threats by minimising what can be accessed by an attacker.
Access will need to be customised from one user to the next. Only administrators should have access to system settings and configurations. You may be surprised how many users have administrative privileges when they do not need them. All passwords and permissions should be reset, and a company-wide protocol introduced.
Activities should also be restricted since Internet browsing could leave an account vulnerable to intrusion, even for an administrator. Attackers could have access to everything the administrator does, providing an open door to everything on your network.
Only approved sites should be used for downloads, which should ensure the required security standards are met – with no malware attached.
Malware Protection
Most of you will have reputable anti-virus software, including EBS’ managed anti-virus solutions. This is only one element of what is required to achieve Cyber Essentials.
In addition to software, there is an element of self and staff education on how viruses and malware get onto your systems. For instance:
Patch Management
Cyber Essentials certification requires that you keep your devices and software up to date. Software authors regularly issue patches and security updates.
Additionally, if you are running unsupported operating systems (i.e. Windows XP or Windows 7) on your PCs or servers, you will not gain Cyber Essentials accreditation.
Pending updates should not be ignored. Updates may add new features, but they also close gaps found in security that could be exploited.
EBS offers a managed patch management solution, taking away the stress of ensuring your applications are kept up to date.
Whether you wish to go down the path of Cyber Essentials or Cyber Essentials Plus accreditation, the fact remains that the above five security protocols need to be in place to ensure that you are protected against cyber-attack, in whatever form that may take.
It really is no longer enough to think that you can rely on anti-virus software alone.
EBS can provide consultancy to help you achieve Cyber Essentials.
Ask yourself these 5 questions:
If your answer to any of the above is “No”, speak to us for further advice.
Chamber members receive 10% discount off their first order.
Contact info@e-b-s.co.uk or call 0121 384 2513