What is Cyber Essentials?
Cyber Essentials is a UK government-backed and industry-supported scheme that helps organisations of all sizes guard against the most common cyber attacks. It’s a baseline certification that outlines five key technical controls to implement for basic cyber hygiene. Cyber Essentials Plus builds upon the foundation of Cyber Essentials and offers a more advanced level of security assessment.
Here’s a breakdown of the five core controls in Cyber Essentials:
- Boundary firewalls and IPS: Implementing firewalls and intrusion prevention systems (IPS) to monitor and filter network traffic.
- Secure configuration: Ensuring operating systems, software, and firmware are properly configured with the latest security updates and settings.
- Patch management: Having a system in place to identify, acquire, and deploy security patches for vulnerabilities in a timely manner.
- User access control: Implementing strong user access controls to restrict access to systems and data based on the principle of least privilege.
- Malware protection: Deploying anti-malware software on all devices to detect and prevent malware infections.
Cyber Essentials Plus extends these controls with a more in-depth technical assessment, including:
- External vulnerability assessment: An external scan of the organisation’s network to identify potential vulnerabilities that attackers could exploit.
- Internal vulnerability assessment: A scan of internal systems to identify vulnerabilities that might not be visible from the external network.
- Mobile device security checks: Verifying that mobile devices used for work purposes are secure and meet organisational security policies.
- User testing: Simulating phishing attacks to assess employee awareness of social engineering tactics.
- Multi-Factor Authentication verification: Confirming that multi-factor authentication (MFA) is properly configured and enforced for critical systems.
Benefits
- Reduced risk of cyber attacks: By implementing the recommended controls, organisations significantly reduce their vulnerability to common attacks like malware, phishing, and ransomware.
- Improved security posture: Cyber Essentials helps establish a solid foundation for an organisation’s overall security posture.
- Demonstrated commitment to security: Cyber Essentials certification demonstrates to customers and partners that an organisation takes cyber security seriously.