Launched back in 2014, the Cyber Essentials accreditation is a government-backed scheme designed to help businesses learn how to effectively protect themselves and their customers’ data from the threat of a cyber attack.
Implementing Cyber Essentials best practices can help prevent up to 80% of common cyber attacks.
Achieving the standard will not only protect your business but can also help grow your business as potential clients see your dedication and investment in cyber security. So how do you become Cyber Essentials accredited?
Cyber Essentials – how does it work?
Most cyber criminals are looking for easy pickings when it comes to hacking, which is why attacks on SMEs are growing year on year. Reports show that 1-in-3 small businesses rely on off-the-shelf cyber security tools, so it’s easy to understand why SMEs are becoming a prime target.
Cyber Essentials is designed to tackle this by helping businesses identify and address their vulnerabilities before they are exploited. To do this, the scheme focuses on 5 key controls, each designed to a specific aspect of data security.
The 5 key controls of Cyber Essentials.
Not to be confused with antivirus software which helps protect your systems from malware, a firewall prevents external threats from accessing your systems in the first place.
For certified security to the Cyber Essentials standard, all devices that connect to the internet must be protected with an efficient firewall.
#2. Secure configurations
Most software and hardware are supplied with default configurations which makes first use of the product quick and easy. However, these default settings can leave network devices wide open to countless security vulnerabilities.
To enhance your security, the configurations need to be adjusted to ensure each device discloses the minimum amount of information possible and to prevent unauthorised actions.
#3. User access
Admin rights are the key to your systems for any hacker; if they can obtain them, they can access your business applications and data. For this reason, it’s imperative you give special access privileges only to those team members who need them.
It can be tempting to give full access to your entire team for ease – after all, you trust them. But the more devices that have high-level access to sensitive information, the more hacking opportunities you create.
#4. Malware protection
Unless protected, all devices from laptops and PCs to smartphones and tablets are open to malware attacks.
There are many types of malware including, trojan, adware, ransomware and viruses, and any one of them will wreak havoc on your systems. From damaging files to stealing information and even locking your systems down for ransom payment.
To meet this Cyber Essentials standard, malware protection needs to be implemented on all devices connecting to your network. This may be anti-malware software, application whitelisting or application sandboxing.
#5. Patch management
As annoying as they can be when they interrupt your working day, software updates are essential to cyber security. Most updates include important security improvements; if they are missed (or ignored), you could be leaving a gaping vulnerability in your systems.
It’s important for any business that patch management is systemised; this could be an established in-house process, or with a Managed IT Services provider who will manage all updates out of hours for minimal disruption.
The unofficial 6th key control
Never forget that technology is only as effective as the team using it. In fact, with 50% of breaches resulting from human error, employees are seen as the biggest vulnerability to any business.
This is why we offer free cyber security training to all of our clients and their staff. Or training is content-rich and tailored to your industry.
Jupiter IT Can Help
We’re committed to helping businesses tighten their cyber security to the point of perfection. We are proud to hold the Cyber Essential Plus Certification and as experts in this standard, can help you achieve the Cyber Essential Accreditation too.
We will help you achieve all 5 key controls and provide you and your team with free cyber security training to tackle the sixth!
To find out more, get in touch – we’re here to share our expertise with you.