In this, the last blog in the three-part series, we will explore the final two of the five Cyber Essentials areas you are required to have, implement, and maintain in order to achieve the accreditation. Let’s start with Access Controls.
The objective of Cyber Essentials is to ensure user accounts only provide access to applications, networks, and computers that the user NEEDS to perform their role (notice the word ‘needs’).
Access control should be a considerable part of your business security. The increase in remote working that has been experienced across the globe, made possible by technological advances, has only elevated its importance.
Cyber Essentials Certification requires you to use user accounts to control access to your data. There are controls covering the restrictions that apply to administrative accounts, and the privileges of those accounts should only be given to those who need them to complete their job role. Under no other circumstances should access be authorised.
User accounts in your business facilitate access, allowing the use of applications, devices, and sensitive information. By only allowing access to those who are authorised, with user accounts matched to their position in the organisation, you massively increase the safety of your business, because access restrictions reduce the risk of theft or damage to your invaluable data.
If accounts with special access privileges to devices, applications and information are compromised severely enough, the ramifications to your business could be dire. In extreme circumstances they can be exploited and cause long-term effects on your organisation, potentially stopping it from running altogether.
Lucy is logged into an administrative account and unknowingly opens a malicious email attachment. All associated malware is likely to need administrative privileges.
Using Lucy’s administrative privileges, a type of malware known as ransomware encrypts all of the data on the network and then demands a ransom.
To apply for Cyber Essentials, you must have control over the user accounts and the privileges granted to each one. You must have a user account creation and approval process in place within the organisation.
You must authenticate users before granting access to applications or devices, using unique credentials for each.
An important – and easily forgotten – practice is that you must be sure to disable or entirely remove user accounts when they are no longer in use. You must also remove or disable special access privileges to an individual’s account when no longer required, implement two-factor authentication and only use administrative accounts to perform administrative activities.
Having the Cyber Essentials accreditation shows potential customers that you intend to keep their information as secure as possible.
We will now move on to the last of the five controls, Secure Configuration.
The Cyber Essentials objective is that you make device and software settings as secure as possible to enable fluid and safe use of your systems.
The default security settings ARE NEVER the most secure! Programs and hardware in their default settings are always fairly insecure, because factory settings are designed to give you as much fluidity with the product as possible and to let you configure settings from a clean slate.
To become Cyber Essentials certified you will have to reconfigure settings to ensure you enforce higher standards of security.
It is essential that – as services fall in and out of use and as new hardware is acquired or repurposed – you stay proactive in your approach to ensuring that devices and systems are always kept as safe and protected as possible. Hackers and cyber criminals are always on the lookout for poorly configured systems to attack, so vigilance is key.
Some of the risks include:
These are just a few of the different problems that can be caused by not presenting a good resistance.
Next in the blog are some ways to make life tough for cybercriminals.
To achieve Cyber Essentials accreditation and ensure that you remain compliant with its requirements, you will need to be certain that you have done everything in your power to adhere to the advice we have outlined in this blog series. With our help, you put yourself in good stead to pass and achieve the certification, whilst, in the process, projecting a professional, secure organisation that prides itself on doing its best for its customers.
Implementing the correct security measures for the technical landscape of your organisation has the power to revolutionise the way your organisation works. We can implement and maintain your security measures and look for better ways to defend your system. Our success can be attributed to one thing: TRUST. Ever since our very first year in business, our clients have been happy to recommend us to other businesses, and we have grown steadily as a result of these recommendations. We can help you to truly get the most from your IT in the most secure way possible. Don’t hesitate – contact us now!
Book a no-obligation discovery call with a member of our team today by calling 0207 993 9035 or firstname.lastname@example.org