Many businesses approach us for advice about the Cyber Essentials scheme. Knowing when to apply for what level can be confusing. Here we hope to explain the scheme as clearly as possible so that you know exactly when and how to apply.
Many attacks can be easily avoided by following best practices in securing your processes and data. The following five steps can be implemented quickly and start your business on the journey to a much more cyber secure organisation. SoConnect is committed to helping you on your journey to Cyber Essentials, and we can help you implement these measures and more.
What is Cyber Essentials?
Cyber Essentials is a Government-backed scheme that helps protect businesses against the most common cyber threats. Working towards Cyber Essentials certification is a proactive cybersecurity approach that will ultimately protect your business against digital attacks. It will also enable you to demonstrate trust that any information provided to you by customers, suppliers and partners is secure and kept that way.
Read on for the 5 controls you can implement today to start you journey to Cyber Essentials certification. Don't have time to read? We summed it up for you here:
1. Secure your internet with a firewall
It is essential to protect your internet connection with a firewall. A firewall is a safeguarding measure that creates a protective buffer between your IT network and other networks. Generally, this means between your computer (or computers) and 'the internet'. Within this buffer zone, the firewall can analyse incoming traffic to determine whether it should be allowed onto your network.
Commonly, organisations will have a dedicated boundary firewall that protects their whole network. A personal firewall is generally included within your Operating System - at no extra charge - on your internet-connected laptop or computer. You can use routers that contain a firewall in this boundary role. However, this can't be guaranteed – if you can, ask your internet service provider about your specific model.
2. Secure your device and software settings
Device and software manufacturers default configurations are commonly open and as multifunctional as possible, making them easy to use when adopted. However, open configurations also make it easier for cybercriminals to gain unauthorised access to your data.
Always check your new devices and software settings and make changes that increase your security level. A good start is removing any functions, accounts, or services that you don't need.
Passwords
Your laptops, computers, tablets and smartphones contain your data, but they also store the details of the online accounts you access, so both your devices and your accounts should always be password protected.
When implemented correctly, passwords are an easy and effective way to prevent unauthorised users from accessing your devices. Make sure they are easy to remember and hard for somebody else to guess. The easiest passwords for attackers to guess are the default passwords that come with new devices. It's always best to replace all default passwords - commonly set to 'admin' or 'password' - before you distribute devices to your team. Using PINs or Touch-ID can also help secure your device. Better yet, is to make use of a secure online password manager, such as Keeper. Keeper assists with auto-generated passwords and password storage so that you will never have to worry about forgetting that important password again.
Extra Security
Important accounts, such as IT administration and banking, need extra protection, and you should use two-factor authentication, also known as 2FA. A typical and practical example is a code sent to your smartphone, which you must enter in addition to your password.
3. Control who can access your data and services
Staff accounts should have just the right amount of access to software, settings, online services, and device connectivity functions to do their jobs. Doing this allows you to minimise the potential damage done if an account is misused or stolen.
You should ensure that accounts with administrative privileges are used only to perform administrative tasks. Since there will be reduced exposure from surfing the web or checking emails, this will cut down on the chance of extensive damage should an admin account with extensive permissions be attacked.
4. Get protected from viruses and malware.
Malware means 'malicious software' and is a term that covers viruses, worms, trojans and many other damaging programs used by hackers. One type, ransomware – and the clue is the name - until you make payment, your data or systems are unusable. Viruses pass unnoticed between machines, infecting software as it goes.
Where does malware come from?
Malware finds its way onto a computer in many multiple ways. The 'bug' can come from an email attachment, browsing a malicious website, or by using a removable storage device that is already carrying the malware.
How to defend against malware
- Anti-malware measures are often included for free within popular operating systems, e.g. Windows Defender. These should be used on all devices, be kept up to date and password protected. In addition, you should also use 3rd party Anti-malware/virus tool such as BitDefender.
- Whitelisting is used to prevent users from installing and running applications that may contain malware. An administrator creates a list of applications allowed on a device, and whitelisting will block any application, not on this list from running.
- Sandboxing A sandboxed application runs in an isolated environment with very restricted access to the rest of your devices and network. Your files and other applications are then kept out of reach, if possible.
5. Keep devices and software up to date.
No matter which devices your business is using, it's vital that the manufacturer still sends regular security updates, and those updates are installed immediately on release.
Doing this is quick, easy, and free of charge. Manufacturers and developers release regular updates that add new features and fix any security vulnerabilities. Installing these updates (a process known as patching) is one of the most important things you can do to improve security.
It is best to set all operating systems, programmes, phones, and apps to 'automatically update' wherever you can. This will ensure you are always protected. Please note that all devices and software have a limited life. When a manufacturer no longer supports your hardware or software, new updates will no longer appear, and you should replace it with a supported product to stay protected.
Taking the time to investigate and put these five controls in place will ensure that your organisation is on the path to better cybersecurity. Cyber Essentials Certification should be your next target, and SoConnect can help you on your journey to this. Certification proves just how seriously your business is about cybersecurity and creates trust between you, your customers and business partners. Our team of IT experts will guide you through the process and implement measures, so you are safe in the knowledge that your company is cyber secure.
If you would like to know more about Cyber Essentials certification, fill out a form on our website, give us a call on 03332401824, or email sales@soconnect.co.uk.
Reply a Comment