We have been working with Roz Woodward of SECUR!OUS, one of our Trusted Partners to take a deep dive into the control areas of Cyber Essentials.
Would you go to bed at night with the front door wide open and car keys clearly visible on the hall table, along with your wallet and iPad? Of course you wouldn’t… But this scenario is an analogy of what Cyber Essentials represents to our personal and professional cyber security posture.
It comprises controls that represent our cyber front door - which can either be left wide open, or locked and monitored. It’s up to you…
What are the five controls that Cyber Essentials looks at?
Keep your devices and software up-to-date
Ensuring that all your devices’ operating systems and applications are up-to-date is very important, because manufacturers and developers regularly release patches to address security vulnerabilities that have been discovered. Cyber Essentials will enable you to identify if you are running unsupported software, and if your supported applications / operating systems are up-to-date.
Devices and software aren’t up to date = no cyber front door at all
Protect yourself from viruses and other malware
Protecting your systems with anti-virus software, intrusion detection / prevention systems would be akin to having CCTV or a security guard at your entrance, alerting you to potential threats and even stopping them on your behalf. Most popular Operating Systems include effective virus and threat protection… if all the modules are enabled. How is your configuration?
No anti-virus or intrusion protection = cyber front door wide open
Control who has access to your data and services
Would you let everyone you know have a key to your home? No way! Cyber Essentials helps you take control of who has access to your data and services. Often clients don’t understand the significance of administrator and standard user accounts, and yet getting this wrong could result in an intruder having access to far more than you’d like.
No access controls = cyber security front door ajar
Use secure settings for your devices and software
Most devices and software applications are supplied with default configurations that make getting started easy for the user. However, as above, leaving default settings can make it easier for cyber attackers to gain access to your data. Sharing user accounts and login credentials and having weak passwords also represents a significant risk.
Not using secure settings on devices and software = cyber front door closed, but on the latch
Use a firewall to secure your internet connection.
Do you have a firewall? Of course, you do! A larger organisation may have a bespoke firewall device, a smaller company or home worker will have a software firewall built into the hub or router provided by their ISP. But let me ask you this: Have you changed the default password on your firewall / router? No?
Misconfigured firewall = cyber front door closed, but not locked