Awarding body - www.itgovernance.co.uk/
Background to Cyber Essentials
In 2012 the UK government launched its ‘10 Steps to Cyber Security’ and then in 2013 published Small businesses: What you need to know about cyber security, which encouraged organisations to consider whether they were managing their cyber risks.
These initiatives continued to gain traction. However, continuing attacks and feedback from industry vulnerability testers identified that a number of security controls were not being applied, leaving organisations vulnerable to threat actors with low levels of technical capability.
The government viewed the adoption of an organisational standard for cyber security as the next stage. This was in order to allow organisations, and their customers and partners, to have greater confidence in their ability to reduce the risk posed by threat actors with low technical capability.
Following the call for evidence on a preferred organisational standard in cyber security by the government and industry, the Cyber Essentials scheme was formalised in November 2013.
The benefits of Cyber Essentials
The Cyber Essentials scheme provides five security controls that could prevent “around 80% of cyber attacks”.
These controls protect organisations from the vast majority of cyber attacks, allowing companies to focus on their core business objectives.
Cyber security has the additional advantage of driving business efficiency throughout the organisation, saving money and improving productivity.
Having achieved certification, Diamond can help you to address other compliance requirements, such as the EU General Data Protection Regulation.
The five Cyber Essentials controls to help your business stay secure:
1. Secure configuration
By ensuring your computers and network devices are configured properly, you can identify systems or databases that you no longer need or use. You will have the opportunity to reduce your overall storage and bandwidth consumption, as well as reducing the level of inherent security vulnerabilities. Hard drive encryption will ensure that your data remains protected if your computer is lost or stolen.
2. Boundary firewalls and Internet gateways
Using boundary firewalls to monitor traffic to your server(s) enables you to better understand and manage your bandwidth requirements, potentially allowing you to renegotiate your hosting costs, as well as blocking attackers and external threats.
3. Access control and administrative privilege management
Managing access control and administrative privileges reduces the opportunity for staff to install time-wasting software onto their computers, as well as removing the insider threat.
4. Patch management
Keeping on top of software patching and licensing makes your company more productive, as well as more secure. Patches often improve the performance of the products they apply to, and remove issues that slow down employees, such as crashes and poor performance caused by congested networks.
5. Malware protection
Implementing appropriate malware protection has its obvious security advantages, but an often overlooked hidden benefit is the time and cost savings that result from avoiding devices being out of action.
For more information please:
T – 0191 519 3700