New technology is changing the way people work. However, more applications, connections and multiple devices make IT infrastructures increasingly complex, costly and time-consuming to secure. Coupled with a homeworking revolution as a result of Covid-19, the attack surface has never been so vulnerable. New cybersecurity issues are arising, with a significant spike in phishing attacks, malware spam and ransomware attacks. Criminals are also using new angles: a recent Deloitte report states that “attackers are using COVID-19 as bait to impersonate brands, thereby misleading employees and customers.”
Based on the Cyber Security Breaches Survey 2017, only one in ten businesses has a cyber security incident management plan in place despite just under half (46%) of all UK businesses identifying at least one cyber security breach or attack in the last 12 months. The report also highlighted that around 13% of UK businesses are attacked daily, with attacks being more prevalent where the core business functionality is not online-focused.
Companies need to protect their organisations with a multi-layered security strategy. If you’re unsure where to start, we recommend you consider becoming Cyber Essentials accredited. In this blog we’ll cover what Cyber Essentials is, how it can benefit your company and how to get started.
What is Cyber Essentials?
Cyber Essentials is a Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber-attacks by delivering an essential security baseline for every organisation.
By implementing five simple technical controls, you can protect your business from up to 80% of common cyber security threats. The certification defines a focused set of controls which provide clear guidance on basic cyber security for organisations of all sizes, and offers a sound foundation of cyber security measures that all types of organisations can implement at a low cost.
What does Cyber Essentials protect you from?
The scheme addresses the most frequent and recurring cyber security threats. These are attacks that rely on widely available tools from the internet and require only basic skills.
These could be threats such as hacking, phishing and password infiltration.
There are two different levels of Cyber Essentials certification:
- Cyber Essentials is the minimum certification that you can receive and provides a great foundation of basic security. It requires a self-assessment followed by an external review.
- Cyber Essentials Plus provides a more rigorous auditing process. It further protects against phishing and hacking. Rather than the self-assessment required of the Cyber Essentials certification, Cyber Essentials Plus requires system tests to be carried out by an external body.
Let’s take a closer look at the Cyber Essentials certification, and why you need it for your business.
Cyber Essentials: the five technical controls
1. Firewall & routers
To achieve Cyber Essentials or Cyber Essentials Plus you need to have a firewall. More than that, you need to be using it correctly. It needs to be applied across your entire network and protect every device in your IT estate, not just your desktops or laptops. Mobile devices should certainly have a correctly configured firewall in place as these could be regularly connecting to public Wi-Fi.
2. Secure configuration
Make sure all devices and software are configured to have the best security settings. Remove bloatware and change default passwords. It’s also recommended that businesses start incorporating PINs or two-factor authentication to increase security even further.
3. User access control
To reduce the possibility of an attacker infecting your devices, user accounts should only have access to the software and settings needed to perform their intended role.
Reduce the number of administrator accounts. This will lower the risk of a high-privilege account getting compromised and allow you to easily keep track of who has access to what.
4. Malware protection
All devices, including laptops, PCs, phones and tablets, are open to malware attacks unless protected. Viruses and malware like those used in the WannaCry attack in 2017 can infect devices and software and quickly spread to any other devices or software connected to them.
5. Software updates
It is important that all phones, tablets, laptops or computers are kept up to date at all times. This is true for both Operating Systems and installed apps or software. Manufacturers and developers release regular updates which not only add new features, but also fix any security vulnerabilities that have been discovered.
The Cyber Essentials scheme brings a number of benefits to companies looking to get certified. Here are some of the most important reasons:
- Uncover security weaknesses: The scheme requires an organisation to self-assess and benchmark their security policies. This level of scrutiny will uncover weaknesses and ensure staff are more vigilant about cyber security.
- Protection against common threats: The Cyber Essentials certification protects against 80% of common cyber-attacks.
- Work with Public Sector: You’ll have the opportunity to work with more public sector organisations.
- Demonstrates you take security seriously: It shows clients, partners and suppliers that you’re a trustworthy and secure organisation.
- Competitive advantage: With this trust in place, you’ll have a greater advantage over competitors who haven’t obtained the certification.
- Limit risk: The Cyber Essentials certification costs £300 per year, a fraction of the £11,000 mean cost of a cyber security breach for a small business in 2019.
- Know your risks: You’ll gain a clear understanding of the level of cybersecurity and risks in your business, allowing you to plan accordingly.
- Insurance cover: With a Cyber Essentials certification in place, you benefit from £25,000 cyber breach insurance (if you have a turnover of less than £20 million), or reduced premiums (if your turnover is over £20m).
Cyber Essentials is a great scheme for ensuring you have laid strong security foundations to protect your company against the most common cyber threats. Not only will it build trust between you and your clients, it’ll give you actionable data on your company’s security posture and the common threats you need to protect against.
To get started, reach out to one of our security consultants who can discuss how APH can help you become accredited.