As small or medium-sized businesses, we are all guilty of thinking we have done enough to protect against cyber-attacks and disruption. We have all seen the figures produced by the UK government’s Cyber security breaches survey, highlighting the issue.
As a countermeasure, the UK government supports and promotes Cyber Essentials and Cyber Essentials Plus schemes designed to protect against a wide range of the most common cyber attacks. To meet Cyber Essentials’ requirements, businesses need to prove they have implemented five technical controls: firewalls, secure configuration, Security Update management, User access control, and Malware protection.
In today’s hybrid working environment, a large part of the investment in meeting the requirement is ensuring that these controls are implemented on all personal computer systems (desktops, laptops, etc.) regardless of operating system.
Setting up these controls can be done manually or with Mobile Device Management (MDM) or Remote Monitoring and Management Software – Microsoft Intune, JAMF for Apple, n-able RMM and on each device, enable options to set MFA access, Firewall, Stealth mode, Automatic updating (applications and OS), Security Integrity protection, and Data encryption. CyberSmart’s Active Protect monitors these key security features and, if not enabled, provides clear instructions for setting them up.
Aside from the technical controls to secure the network and connected assets, our staff and ourselves are vital to ensuring cybersecurity, whether new hires or seasoned employees. A crucial part of Cyber Essentials is ensuring they understand their roles and responsibilities to protect the business.
This is achieved by completing the cyber essentials training. Like any CPD topic, it pays to retake it to ensure your knowledge is current periodically. I recently completed CyberSmarts CyberEssentials Academy.
Completing Cyber Essentials Training
There are 18 modules to take covering technical and behavioural aspects in subjects covering:
- Passwords (complexity, frequency, etc)
- Email ( etiquette and phishing)
- Internet safety ( social media, identity theft)
- Data ( GDPR, Protecting data, backing up, data classification)
- Mobile and Hybrid working
- Business continuity
Each module contains a two- to three-minute animated video and a fact sheet. A good tip is to take the option to read the fact sheet, as some information needed to complete the short end of the module quiz is only in the fact sheet. The pass mark for each module is 80%
Cybersmart sets a schedule for completing one module every two to three weeks, or you can complete them all in one sitting; I completed all modules in an afternoon. As mentioned earlier, the material contained new information and prompted me to revisit some of our own risk assessments and plans.
The difference between Cyber Essentials and Cyber Essentials Plus is that the latter requires hands-on technical verification by an approved authority. The IASME Consortium (IASME) manages the certification process, licencing certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.
Business Defence Systems can help you complete your Cyber Essentials and Cyber Essentials Plus certification. Request a callback or fill out our cyber security audit for more comprehensive feedback.