What does Cyber Essentials cover?

Cyber Essentials covers the following:

Boundary Firewalls and Internet Gateways:

Your first line of defense against an intrusion from the internet will be boundary firewalls and internet gateways. A well-configured firewall can prevent breaches before they penetrate deep into your network. At the same time, an internet gateway can deny users within your organisation to websites or other online services that present a threat.

Secure Configuration:

Some setup and configuration will be required to ensure your hardware and software provide the most effective protection. Removing unused software and services from your devices will reduce the number of potential vulnerabilities as older versions of some widespread software have well-documented security vulnerabilities. It is also to ensure that you remove any default passwords used by software and hardware as these are well-known by hackers.

Access Control:

Access to your system should be restricted to trusted users, so each of these users must have and use their username and password, which is appropriate to the job they are undertaking at the time. Administrator accounts should only be used when strictly necessary, such as installing known and trusted software.

A brute force password attack is a common method of attack, perhaps even by casual users trying to access your Wi-Fi. Therefore, you need to enforce strong passwords and frequent password changes and limit the number of failed login attempts. Passwords or other access should be cancelled immediately should a staff member leave the company or is absent for long periods.

Malware Protection:

Malware is malicious software specifically designed to disrupt or damage a computer system. You should have anti-virus or anti-malware products regularly scanning your network to prevent or detect threats. You will also need to keep them up-to-date and switched on to continually monitor your computer system.

You should also make sure you receive and act upon any alerts issued by the malware protection.

Patch Management and Software Updates:

Computer equipment and software need to be maintained regularly to fix any security vulnerabilities and keep it running smoothly. Security software such as anti-virus and anti-malware need regular updates to provide adequate protection. Checking regularly for updates and subsequently applying them will keep your software up-to-date, and most software can also be set to update automatically.

If your system is a few years old, you should review the protection you have to ensure it is still adequate. In between updates, you should use patches to maintain your computer system. A patch is software designed to update a computer program or its supporting data to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bug fixes, and improving usability or performance.

Related FAQs

ISO certification is a seal of approval from a third party body that a company runs to one of the international standards developed and published by the International Organization for Standardization (ISO).

The ISO are an independent, non-governmental international organization that brings together experts to share knowledge and develop international standards that support innovation and provide solutions to global challenges.

The cost of ISO standard implementation and certification is a fixed fee from the beginning of your business relationship with IMSM and it will not change throughout the ISO process. The cost is not as much as you might think and is based on the following variables:

  • The standard/s you require
  • The number of company sites
  • The number of employees
  • The amount of support deemed necessary to ensure that your business is prepared and ready for certification.

ISO Certification lasts three years and is subject to mandatory audits to ensure that you are compliant. After the three years to continue with your certification you will be required to do a recertification audit.