With a 50% increase in weekly cyber attacks in the last year alone, the NCSC has recognised it’s time for some Cyber Essentials updates to keep up with ever-changing threats.
The beginning of Cyber Essentials
Introduced by the UK Government back in 2014, the Cyber Essentials scheme was designed to support businesses in understanding and improving their cyber security in a bid to crown the UK as one of the safest countries for businesses.
The scheme, managed by the National Cyber Security Centre (NCSC), follows these 5 key controls:
- Internet gateways and boundary firewalls
- Secure configuration
- Access control
- Malware protection
- Patch management
Since the beginning, the Cyber Essentials approach to cyber security has been highly successful, but the technical developments and increasing sophistication of cyber attacks over the last few years have shown that it is time for some essential updates.
Implementing Cyber Essentials best practices can help prevent up to 80% of common cyber attacks.
What are the Cyber Essentials updates for 2022?
The aim of the Cyber Essentials updates is not to change the 5 key controls that have been so successful over the past seven years but rather to add to them. Here is what the updates look like:
Home working devices
In line with the existing firewall control, all devices used for home working must now comply with this guidance. This includes home PCs, laptops, tablets, and smartphones. In practice, all employees and employers will need to ensure that the firewall settings on any device they work from at home or remotely comply with the Cyber Essentials guidelines.
Providing an extra layer of security beyond passwords, multifactor authentication (MFA) has been made a requirement as part of the Cyber Essentials updates. Some businesses can be reluctant to introduce MFA for fear of disrupting work, but this really is a simple way to make a hacker’s life very difficult if they try to infiltrate your network.
Many businesses and organisations focus solely on their server systems when it comes to security assessments and overlook end-user devices. This can leave a gaping vulnerability for cyber criminals to easily take advantage of. With the Cyber Essentials updates, it is now compulsory to ensure the security of endpoint devices as well, in a bid to eliminate this risk.
As part of the Cyber Essentials updates, the NCSC has made a strong recommendation that all high-risk software updates be performed within 14 days of their release. In addition, they also suggest automatic updates are enabled on all critical software. However, automatic updates should never be taken for granted and checks should still be made. If your business is partnered with a Managed Service Provider, you won’t have to give this a second thought.
The NCSC also recommends further software maintenance: any software on unused devices should be uninstalled, and all software should be purchased directly from the developer and fully licensed.
Work vs personal accounts
A major and often overlooked vulnerability is employees using the same account for office work as they do for personal web browsing or social media activity. By educating staff on the importance of good online practices through regular cyber security awareness training, you can greatly strengthen your cyber security.
Team up with us – we’re cyber security specialists
Technology moves at a rapid rate, which is why we work with our clients to keep their business up to date, protected and growing.
Our proactive approach to cyber security means we constantly monitor your systems while you focus on your daily business. We carry out regular cyber security audits for all our clients based on the Cyber Essentials 5 key controls.
And as we hold the prestigious Cyber Essentials Plus certification, we can help you become Cyber Essentials accredited too.
To find out more, drop us a line – we’re waiting to share our expertise with you.