Cyber Essentials tests a company’s IT systems and any device (including desktop, tablets and mobiles). which connects to the internet against five key controls, and the certification process is designed to be straightforward.
What are the key controls?
- Boundary firewalls and internet gateways
- Malware protection
- Patch management
- Secure configuration
- Access control
Boundary Firewalls and Internet Gateways
You should protect your internet connection with a firewall. This effectively creates a ‘buffer zone’ between your IT network and other external networks.
In the simplest case, this means between your computer (or computers) and ‘the Internet’. Within this buffer zone, incoming traffic can be analysed to find out whether or
not it should be allowed onto your network.
Malware is short for ‘malicious software’. One specific example is ransomware, which you may have heard mentioned in the news. This form of malware makes data or systems it has infected unusable - until the victim makes a payment. Viruses are another well-known form of malware. These programs are designed to infect legitimate software, passing unnoticed between machines, whenever they can.
No matter which phones, tablets, laptops or computers your organisation is using, it’s important they are kept up to date at all times. Manufacturers and developers release regular updates which not only add new features but also fix any security vulnerabilities that have been discovered. Applying these updates (a process known as patching) is one of the most important things you can do to improve security.
Manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data, often with ease.
To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them.
If you're not looking to have your certification managed and automated by ATG and you prefer the self-assessment route, here's a helpful checklist before you get started.
- ATG-IT continue to be ‘IASME’ and ‘Cyber Essentials Plus’ certified
- Five Reasons You Need Cyber Essentials
- Cyber Essentials Small Business Guide
- Cyber Essentials vs Cyber Essentials Plus: What's the difference?
- Secure your supply chain with Cyber Essentials!
- What is Cyber Essentials, does my business need it?