Your Cyber Essentials Checklist

In a world driven by rapidly changing and emerging technologies and software, cyber security is becoming an increasingly important requirement for organisations. This is because with huge technological advances come huge opportunities for cyber attackers to cause system breaches, costing organisations valuable time, resources and a great deal of money, as well as reputational damage. All in all, cyber attacks are a headache that you simply will not have with Cyber Essentials certification.

Cyber security breaches across businesses in the UK

In the Cyber Security Breaches Survey, published in April 2019, it was reported that 32% of businesses and 22% of charities had identified breaches in the past 12 months. Of these companies, around 48% of businesses and 39% of charities identified at least one breach or attack a month. With each breach costing an average of £4,180 for businesses and £9,470 for charities, the cost of multiple breaches in one year is hugely damaging, particularly for SMEs, which make up the largest proportion of businesses in the UK.

The persistent threat to organisations’ cyber security means Cyber Essentials is a necessary precaution to ensure protection from basic attacks.

How Cyber Essentials can help

Cyber Essentials is a widely recognised, government-accredited scheme which protects organisations from the most common cyber security attacks. Organisations not only benefit from the basic protection that Cyber Essentials gives, but achieving certification also shows that your organisation is more trustworthy and reputable in taking cyber security seriously. What’s more, if your organisation is looking to win public sector contracts, Cyber Essentials is a mandatory requirement to submit a bid to some buyers.

As part of the application process, Cyber Essentials provides a checklist of basic controls that organisations should have in place to qualify for Cyber Essentials certification. We go through these below.

How to achieve complete compliance

There are five basic steps that make up the Cyber Essentials checklist. Your organisation can implement these steps today for protection against the most common cyber security attacks. Remember – if your organisation has implemented these steps, you are on your way to achieving Cyber Essentials compliance.

1. Use a firewall to secure your internet connection

A firewall acts as a safe space, or ‘buffer zone’, between your IT network and the wider internet. If any website or traffic your organisation comes across is unsafe, the firewall will block your organisation from accessing it or at least warn you of the harmful content. A popular example is the proxy server firewall, which masks your IP address and limits certain traffic types.

2. Choose the most secure settings possible for devices and software

One of the most common causes of cyber security breaches is the default configuration settings on devices and software. These settings, usually implemented by manufacturers when setting up an organisation’s entire computing system and network, are often set to be as open as possible to allow easy access. Unfortunately, this means that the systems are easy for cyber attackers to access. Choose only the most secure settings available for what your organisation requires.

3. Assert control over accessible data and services

Check the privileges associated with your staff accounts and restrict them where necessary. Limiting the number of staff with access to sensitive information lowers the chance of a breach of an administrative (admin) account. This is an important distinction to make, because if a cyber attacker gets unauthorised access to an administrative account, it causes much more damage than if they only have access to a standard user account.

4. Protect yourself against malware and viruses

Short for malicious software, malware can reach your computer through email attachments, infected floppy disk drives, or a malicious website. Viruses are another form of malware. Once your software or device has been infected, the malware is extremely difficult to eradicate from the system. There are a number of ways to defend against malware, with the most popular being included within Windows and macOS software, which can be installed for free. Whitelisting, which collates a list of websites that users can access and blocks all those not on the list, is also a good option for business protection.

5. Keep your devices and software up to date

Keeping your software up to date is the most crucial, and easiest, form of protection against security breaches. Not only do manufacturers release regular updates with new features, but they also remove security glitches and bugs.

Cyber Essentials is your armour

Find out more about how your organisation can be protected from basic cyber security attacks with Cyber Essentials. With access to the online self-assessment questionnaire, a valid certification for 12 months, plus 24-hour help desk support, achieve complete Cyber Essentials compliance today.

Take the Cyber Essentials Ready Checklist today and find out if you’re ready to certify.