In this, the second of our three-part blog series, we will explore three of the five Cyber Essentials controls. We will also look at how to implement and maintain them to ensure compliance with Cyber Essentials.
In this blog we will be concentrating on Patch management, Malware protection, and Firewalls. (The final two will be explored in the last blog of the series.)
‘To prevent harmful code from causing damage or accessing sensitive data’. The aim is to do this by restricting the execution of known Malware and untrusted software.
Malware is described as any software that is designed to intentionally cause damage to a computer, server, client, or computer network.
Malware is one of the most common forms of computer virus on the planet. It attacks software and makes copies of itself, and then sends those copies to any computer or device that has any association with the original target, eventually causing irreparable damage and issues. The infection can cause many problems – varying from malfunctioning systems to data loss – all of which are capable of destroying a business from the inside out. The most common Malware attacks are financially motivated. An astonishing ‘304 million ransomware attacks were carried out worldwide in 2020’ – can you afford to be the victim of one?
Cyber criminals use a variety of methods to get Malware onto your system. A user might browse a website that has been compromised, open a file from removable storage media (a memory stick, for example), or do something as simple as open an email that is already infected.
It can be very difficult to fight back against cyber attackers, but there are actions you can take to make things harder for them.
Cyber Essentials Certification requires that you implement one of the three approaches listed above to protect your devices against malware.
Let’s take a look at the second control on our journey through the five controls, Patch Management.
‘To ensure that devices and software are not vulnerable to known security issues for which fixes are available.’
Keeping your devices and software up-to-date is more important than you think. If your devices aren’t equipped with the latest protection then you are leaving yourself vulnerable to problems and potentially business-incapacitating damage to your computer systems. Just because your devices are in your home doesn’t make them safe!
One of the reasons that manufacturers release updates is for you, the consumer, to get more from your device by using new features to improve its functionality. But this is only part of the reason – their main function is to remedy any security vulnerabilities that have been discovered in the device. Set updates to automatic wherever possible. A manufacturer will always remedy security problems as soon as possible as it is beneficial to them that you get the most from your device in a secure way. If you suffer from a security breach it could lead you to lose faith in the device or software and, in the worst-case scenario for them, possibly the manufacturer as well.
All IT has a limited lifespan. Technology is always improving; its capabilities are gradually becoming endless, and manufacturers are constantly innovating and finding new ways to get the absolute best out of your tech in the most secure way possible.
Unfortunately, mirroring the advancements in technology and, in turn, the levels of security capable within your tech, is Malware. To defeat attacks, updates need to be made regularly. As inconvenient as this can be, it is essential to do them as soon as they are released, otherwise you will be unable to stay ahead of the technology, which is evolving at incredible speed. Also, as soon as your device or software is due to become unsupported by the provider, you must immediately start considering a modern replacement that is backed up and therefore cyber secure. If this is not actioned, then you are jeopardising the safety of your systems.
Cyber Essentials requires you to install updates within two weeks of their release if the vendor describes the patch as fixing flaws labelled ‘high’ or ‘critical’. Your software must be licensed, supported, and up-to-date wherever possible. You must also remove all software from devices that is no longer supported.
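As an added illustration (not part of the original blog or of the Cyber Essentials scheme itself), the two-week rule and the unsupported-software rule above can be checked against a simple software inventory. The inventory layout, host names, patch IDs and dates below are constructed sample data, and the `audit` function is a hypothetical helper.

```python
from datetime import date

# Rule stated above: fixes labelled 'high' or 'critical' must be installed
# within two weeks of release; unsupported software must be removed.
PATCH_WINDOW_DAYS = 14
URGENT = {"high", "critical"}

# Constructed sample inventory (hypothetical hosts, software and patch IDs).
INVENTORY = [
    {"host": "laptop-01", "software": "browser", "supported": True,
     "pending": [{"id": "PATCH-A", "severity": "critical",
                  "released": date(2024, 3, 1)}]},
    {"host": "laptop-02", "software": "office-suite", "supported": True,
     "pending": [{"id": "PATCH-B", "severity": "high",
                  "released": date(2024, 3, 10)},
                 {"id": "PATCH-C", "severity": "low",
                  "released": date(2024, 1, 5)}]},
    {"host": "till-01", "software": "legacy-pos", "supported": False,
     "pending": []},
]


def audit(inventory, today):
    """Return (host, software, finding) tuples for every rule breach."""
    findings = []
    for item in inventory:
        if not item["supported"]:
            findings.append((item["host"], item["software"],
                             "unsupported: remove or replace"))
        for patch in item["pending"]:
            if patch["severity"].lower() not in URGENT:
                continue  # the two-week requirement covers high/critical only
            age = (today - patch["released"]).days
            if age > PATCH_WINDOW_DAYS:
                overdue = age - PATCH_WINDOW_DAYS
                findings.append((item["host"], item["software"],
                                 f"{patch['id']} overdue by {overdue} days"))
    return findings


if __name__ == "__main__":
    for host, software, finding in audit(INVENTORY, date(2024, 3, 20)):
        print(f"{host:10} {software:14} {finding}")
```

A patch that is exactly 14 days old still counts as inside the window; it is flagged from day 15 onwards.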
Now for the last of the controls that we will be exploring in this, the second blog of our three-part series: Firewalls.
Let’s take a look at how Firewalls work, the different types, and the various ways to configure them to ensure you satisfy the requirements of Cyber Essentials. But, first, we’ll explore the basics of Firewalls.
A Firewall is a security system that monitors your incoming and outgoing network traffic. The Firewall in your system creates a barrier between your trusted network and the untrusted internet network.
To explain, when you consider the door to your house, it allows and denies access; when access is permitted the door is open and monitored for what is coming in – when access is not permitted it is shut and doesn’t allow anything or anyone to enter. Going a step further, the Access Controls you choose to use act as the ‘keys’ to your system.
A Firewall stops those not permitted entry to your system from being able to gain control of your data or systems, while also providing secure access for those external to your network that you wish to permit access.
Small to medium businesses with only a handful of end-point devices can implement Firewall software at device-level. A Firewall combined with other measures such as Anti-malware software and being diligent with your patch management should ensure your network’s security.
To achieve compliance, you should protect every device in your network with Firewall protection. By managing those Firewall controls effectively, you are minimising risk. Once you have installed your Firewall software, consider the following to ensure enhanced protection:
A Firewall is the first line of defence for your network and all the devices that reside within it. They are essential regardless of the Cyber Essentials accreditation, because your digital landscape is easily attacked without one.
In the next and final blog in the series we will explore the last two controls: Access Controls and Secure Configuration.
Implementing the correct security measures for the technical landscape of your organisation has the power to revolutionise the way your organisation works. We can implement and maintain your security measures and look for better ways to defend your system. Our success can be attributed to one thing: TRUST. Ever since our very first year in business, our clients have been happy to recommend us to other businesses, and we have grown steadily as a result of these recommendations. We can help you to truly get the most from your IT in the most secure way possible. Don’t hesitate – contact us now!