Cyber essentials
Cyber Essentials is designed to help organisations of any size demonstrate their commitment to cyber security – all while keeping the approach simple, and the costs low.
What is cyber essentials?
Cyber Essentials is a globally recognised IT security standard, used to give comfort to wider industry that basic levels of IT related security are being met.
It covers five key control areas which can protect organisations from possible data breaches and leaks.
These are:
- boundary firewall and internet gateways
- secure configuration
- access control
- malware protection
- patch management and software updates
FIVE KEY SECURITY CONTROLS
BOUNDARY FIREWALLS AND INTERNET GATEWAYS
You should protect your Internet connection with a firewall. This effectively creates a ‘buffer zone’ between your IT network and other, external networks. In the simplest case, this means between your computer (or computers) and ‘the Internet’. Within this buffer zone, incoming traffic can be analysed to find out whether or not it should be allowed onto your network.
SECURE CONFIGURATION
Manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data, often with ease.
Access Control
To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them.
MALWARE & VIRUS PROTECTION
Malware is short for ‘malicious software’. One specific example is ransomware, which you may have heard mentioned in the news. This form of malware makes data or systems it has infected unusable - until the victim makes a payment. Viruses are another well-known form of malware. These programs are designed to infect legitimate software, passing unnoticed between machines, whenever they can.
