Single Blog

What Is Cyber Essentials?

Cyber Essentials is a scheme developed by the Government, the Information Assurance for Small and Medium Enterprise (IASME) consortium, and the Information Security Forum (ISF).  It helps businesses protect themselves from the ever-growing cyber threat.  The scheme has a clear list of basic controls that organisations should have in place.

Operating under the National Cyber Security Centre (NCSC), Cyber Essentials is the best first step to a more secure network. This is the UK Government’s answer to a safer internet space for organisations of all sizes in all sectors.

Think of hackers as burglars, most of them are not specifically targeting one particular individual or company. Nor are they spending time staking out and researching their targets.  Instead, they are scouting and looking for easily exploitable weaknesses (although finding weakness’s often leads to more targeted and focussed attacks)

Cyber Essentials addresses this and helps organisations avoid those exploitable weaknesses.  Comprised of five controls that cover the basics of effective cyber security, this is what an organisation can do to help prevent and protect against cyber threats:

• Firewalls:

Firewalls prevent unauthorised access to or from private networks.  A good setup is essential to be fully effective.  While anti-virus software helps to protect against viruses and malware, a firewall keeps attackers or external threats from gaining access in the first place.

• Secure Configuration:

Failure to properly manage server configurations could lead to a series of security issues.  Devices should be configured to minimise the number of vulnerabilities and will also help to prevent unauthorised actions being carried out.  This will ensure that devices disclose minimum information about themselves on the internet.

• User Access Control:

Keeping access to data and services to a minimum will help prevent an attacker being presented with open access.  Convenience can result in many users having admin rights which could lead to exploitation and the users being vulnerable to attack. Individual user accounts to provide an audit trail are also essential.

• Malware Protection:

When malware gains access to the device, they seek information. They can steal confidential information, damage files, or even lock and prevent access unless you pay a ransom. 

• Patch Management:

Hackers exploit known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.  Updating software and operating systems will help to fix these know weaknesses.

Here is a quick video summary on Cyber Essentials.

Why is it important for us to be certified?

Being Cyber Essentials certified means that we are actively working to prevent malicious cyber-attacks.  It also means that our clients can be confident with the knowledge that we are taking essential precautions to protect against cyber threats.  The NCSC stated that going through the Cyber Essentials certification process and implementing even just one of the five controls can protect businesses from 80% of cyber-attacks.

As cyber security evolves, so do the cyber threats.  The Cyber Security Breaches Survey 2020 found that since 2017, the number of businesses experiencing phishing attacks has increased from 72% to 86%.  There has been a decrease, however, in the number of businesses experiencing viruses or malware attacks from 33% to 16%.

Helping our clients become certified

itQED have helped a number of our clients become Cyber Essentials certified. We have the methodology and collateral to help smooth the process. If you would like to enhance your cyber security and reduce the risks to your business, contact us to find out how we can assist.

You can have confidence in itQED, knowing that we are taking measures to protect ourselves and your business.

What Is Cyber Essentials?

Cyber Essentials is a scheme developed by the Government, the Information Assurance for Small and Medium Enterprise (IASME) consortium, and the Information Security Forum (ISF).  It helps businesses protect themselves from the ever-growing cyber threat.  The scheme has a clear list of basic controls that organisations should have in place.

Operating under the National Cyber Security Centre (NCSC), Cyber Essentials is the best first step to a more secure network. This is the UK Government’s answer to a safer internet space for organisations of all sizes in all sectors.

Think of hackers as burglars, most of them are not specifically targeting one particular individual or company. Nor are they spending time staking out and researching their targets.  Instead, they are scouting and looking for easily exploitable weaknesses (although finding weakness’s often leads to more targeted and focussed attacks)

Cyber Essentials addresses this and helps organisations avoid those exploitable weaknesses.  Comprised of five controls that cover the basics of effective cyber security, this is what an organisation can do to help prevent and protect against cyber threats:

• Firewalls:

Firewalls prevent unauthorised access to or from private networks.  A good setup is essential to be fully effective.  While anti-virus software helps to protect against viruses and malware, a firewall keeps attackers or external threats from gaining access in the first place.

• Secure Configuration:

Failure to properly manage server configurations could lead to a series of security issues.  Devices should be configured to minimise the number of vulnerabilities and will also help to prevent unauthorised actions being carried out.  This will ensure that devices disclose minimum information about themselves on the internet.

• User Access Control:

Keeping access to data and services to a minimum will help prevent an attacker being presented with open access.  Convenience can result in many users having admin rights which could lead to exploitation and the users being vulnerable to attack. Individual user accounts to provide an audit trail are also essential.

• Malware Protection:

When malware gains access to the device, they seek information. They can steal confidential information, damage files, or even lock and prevent access unless you pay a ransom. 

• Patch Management:

Hackers exploit known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.  Updating software and operating systems will help to fix these know weaknesses.

Here is a quick video summary on Cyber Essentials.

Why is it important for us to be certified?

Being Cyber Essentials certified means that we are actively working to prevent malicious cyber-attacks.  It also means that our clients can be confident with the knowledge that we are taking essential precautions to protect against cyber threats.  The NCSC stated that going through the Cyber Essentials certification process and implementing even just one of the five controls can protect businesses from 80% of cyber-attacks.

As cyber security evolves, so do the cyber threats.  The Cyber Security Breaches Survey 2020 found that since 2017, the number of businesses experiencing phishing attacks has increased from 72% to 86%.  There has been a decrease, however, in the number of businesses experiencing viruses or malware attacks from 33% to 16%.

Helping our clients become certified

itQED have helped a number of our clients become Cyber Essentials certified. We have the methodology and collateral to help smooth the process. If you would like to enhance your cyber security and reduce the risks to your business, contact us to find out how we can assist.

You can have confidence in itQED, knowing that we are taking measures to protect ourselves and your business.