New statistics reveal that almost half of UK businesses experienced a Cyber breach in the 12 months. If you haven’t already taken steps to help protect yourself from hackers and cyber criminals, take action now.
The Cyber Essentials security certification is a government-backed accreditation which has been designed to help businesses reduce the risk of cyber attacks. It’s now a requirement for all businesses that work in the public-sector to be compliant with this standard. JJM Networks is your QG Management Standards certified partner, for helping your organisation implement and achieve the Cyber Essentials and Cyber Essentials Plus Security Accreditation.
Two levels of CE Certification
There are two levels of the certification. A self-assessment is available, as well as an enhanced certification which requires external assessment and verification by an accredited certification body. Your organisation is free to choose the level that you wish to certify against.
Entry Level Certification
This requires completing a self-assessment questionnaire. It features
a basic level of protection and demostrates that your organisation
has taken necessary steps to secure it’s internet facing systems.
This covers all the same requirements as Cyber Essentials
but tests of the systems are carried out by an accredited
certification body, using a range of tools and techniques.
What does the Certification Include?
The certification focuses on securing five key areas to ensure your organisation maintains best practice to minimise the risk of cyber attacks. This allows businesses to demonstrate to it’s customers and insurers it has taken steps to implement basic security controls to help manage it’s risk.
The Five Key Controls:
Firewalls & Gateways
Firewalls and Gateways are devices which have been designed to prevent access to or from private networks, a good configuration of these devices is required to be fully effective at securing your perimeter.
Secure configuration ensures that your systems are configured in a secure way. This involves implementing security policies on your endpoints which help to restrict unauthorised actions being carried on your systems. For more information about the scheme, please see the Scheme Summary
User Access Controls
Administrator rights are the holy grail for attackers, these need to be restricted for only administration actions ensuring that only those who should have access to a system have access and at the appropriate level. This makes it more difficult for attackers to gain full control of your systems.
Attackers often exploit widely known vulnerabilities in software to gain access to systems. It is crucial to update software to fix these weaknesses. This ensures that only the latest supported versions of applications are used and all the necessary patches supplied by the vendor are applied.
Ransomware can lock your important files and prevent you from accessing them unless you pay a ransom fee. Ensuring you have good malware protection installed which is regularly updated helps block and remove malicious software infections.