New technology is changing the way people work. However, more applications, more connections and multiple devices, together with the recent homeworking revolution, make IT infrastructures increasingly vulnerable to attack and more complex, costly, and time-consuming to secure.
Statistics about cyber-crime are terrifying, with IT Governance UK reporting 14.3 million records breached globally in April 2022. With new threats emerging all the time, security isn’t something you can cut corners with.
A lack of investment in cyber security can be immensely damaging to a business. Obviously, there is the direct economic impact of attacks on the business, such as theft of corporate information, disruption to trading or even having to repair affected systems, all resulting in financial loss. However, cyber security breaches can also cause long-term reputational damage.
Companies need to protect their organisations with a defence in depth strategy. If you’re unsure where to start, then we recommend you first consider becoming Cyber Essentials accredited. In this blog we’ll cover what Cyber Essentials is, how it can benefit your company and how to get started.
What is Cyber Essentials?
Cyber Essentials is a government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber-attacks by delivering an essential security baseline for every organisation.
By implementing five technical controls, you protect your business from up to 80% of common cyber security threats. The certification defines a set of controls which provide clear guidance on basic cyber security for organisations of all sizes and offers a thorough foundation of cyber security measures that all types of organisations can implement at a low cost.
What does Cyber Essentials protect you from?
The scheme addresses the most frequent and recurring cyber security threats. These are attacks, such as hacking, phishing, and password infiltration, that use widely accessible tools from the internet and require only basic skills.
There are two different levels of Cyber Essentials certification:
Cyber Essentials is a foundation level certification designed to provide a statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats.
Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme. It is a more rigorous test of your organisation’s cyber security systems where external cyber security experts carry out vulnerability tests to make sure that your organisation is protected against basic hacking and phishing attacks.
Cyber Essentials: the five technical controls
1. Firewall & routers
To achieve Cyber Essentials or Cyber Essentials Plus you need to have a firewall installed and used correctly. It needs to be applied across your entire network and protect every device in your IT estate, not just your desktops or laptops.
2. Secure configuration
Make sure all devices and software are configured to have the best security settings. Remove bloatware and change default passwords. It’s also recommended that businesses start incorporating PINs or multi-factor authentication to increase security even further.
3. User access control
To reduce the possibility of an attacker infecting your devices, user accounts should only have access to the software and settings needed to perform their intended role.
Reduce the number of administrator accounts. This will lower the risk of a high-privilege account getting compromised and allow you to easily keep track of who has access to what.
4. Malware protection
All devices, including laptops, PCs, phones, and tablets, are open to attacks using malware unless protected. Viruses and malware, like the ones used in the Kaseya attack in July 2021, can infect devices and software and can quickly spread to any other devices or software connected to them.
5. Software updates
It is important that all phones, tablets, laptops, and computers are always kept up to date. This is true for both operating systems and installed apps or software. Manufacturers and developers release regular updates which not only add new features, but also fix any security vulnerabilities that have been discovered.
The Cyber Essentials scheme brings several benefits to companies looking to get certified. Here are some of the most important:
Uncover security weaknesses: The scheme requires an organisation to self-assess and benchmark their security policies. This level of scrutiny will uncover weaknesses and ensure staff are more vigilant about cyber security.
Protection against common threats: The National Cyber Security Centre states that undertaking the Cyber Essentials certification process and implementing even one of the five controls required by Cyber Essentials can protect businesses from around 80% of attacks.
Work with Public Sector: You’ll have the opportunity to work with more public sector organisations.
Demonstrates you take security seriously: It shows clients, partners and suppliers that you’re a trustworthy and secure organisation. In addition, it offers a mechanism to demonstrate to customers, investors, insurers, and others that you have taken the minimum yet essential precautions to protect your organisation against cyber threats.
Competitive advantage: With this trust in place, you’ll have a greater advantage over competitors who haven’t obtained the certification.
Limit risk: The Cyber Essentials certification costs £300 per year, a fraction of the £11,000 mean cost of a cyber security breach for a small business in 2019.
Know your risks: You’ll gain a clear understanding of the level of cyber security and risks in your business, allowing you to plan accordingly.
Insurance cover: With a Cyber Essentials certification in place, you benefit from £25,000 cyber breach insurance (if you have a turnover of less than £20 million), or reduced premiums (if your turnover is over £20 million).
Cyber Essentials is a great scheme for ensuring you have laid strong security foundations to protect your company against the most common cyber threats. Not only will it build trust between you and your clients, but it’ll also give you actionable data on your company’s security posture and the common threats you need to protect against.
To get started, reach out to one of our security consultants who can discuss how Ridgewall can help you become accredited.