Data protection, privacy, security, viruses, password complexity, malware, GDPR, firewalls, Cloud services, hacking, ransomware, identity theft… No doubt they’re all terms that you’ve heard of, but what’s it all about?
Security and privacy are of paramount importance, not just at a personal level but, more than ever, at a business level.
Cyber-attacks come in many shapes and sizes. The vast majority are very basic in nature, often carried out by relatively unskilled individuals, or easily downloadable automated programs. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. At LMS Group we’re all about security, and ultimately, it’s our job to prevent our clients fromxza government agency) some time ago came up with a simple list of five technical controls that are designed to protect businesses. Putting these controls in place and then going on to gain the Cyber Essentials accreditation not only demonstrates your commitment to security, but also your commitment to your staff, suppliers and customers, and any data that you may hold on them!
With the forthcoming General Data Protection Regulation (GDPR), which will become law in May, the need for businesses to protect both personal and business-critical data has never been greater. Let’s be honest: not having adequate cyber security is like a game of Russian roulette. It is, to be frank, guaranteed business suicide!
Introducing Cyber Essentials:
Cyber Essentials is a government-backed accreditation that helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security. There are just five technical controls that you can put in place.
How does it work?
The first control is the point of entry to your network: your firewall. Often this is built in as part of your router or operating system, and the chances are you’ll never have changed any of its default settings. Our advice is to introduce a device known as a Security Appliance. This device acts as a shield to your network, protecting your business with smart features such as Intrusion Prevention, Advanced Malware Protection and an Identity-Based Firewall. Smart!
The second and third controls that need to be looked at concern your own devices. Manufacturers often set the default configurations of new software and hardware to be as open and freely multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data. Too often, this is made easy because the default administrative accounts are still being used.
Unnecessary functions, accounts, services and software should all be removed. Strong passwords should be enforced and all default passwords should be changed. Wherever possible, Multi-Factor Authentication should be used, and users should opt for restrictive (non-administrative) accounts.
The fourth and fifth controls are keeping all software up-to-date (Patch Management), and ensuring that anti-virus and anti-malware software is installed. Vulnerabilities in software and pieces of code are constantly identified and exploited maliciously. By having anti-virus and anti-malware software installed, and by keeping everything fully up-to-date, you’re adding an extra layer of protection, and reducing the chance of a vulnerability being exploited.
Not every business has the time or resources required to develop and maintain a full set of cyber security defence systems and measures, especially not in the SME marketplace. Cyber Essentials has been designed to fit any size of business, at whatever stage they may be with their cyber security. For ease of understanding, and to help you identify what you should be doing, there are three tiers of engagement:
The simplest is to familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.
If you need more certainty in your cyber security, you can go for basic, or entry-level, Cyber Essentials certification.
For those who want to take cyber security further, you can go for Cyber Essentials Plus certification.
Certification gives you peace of mind that your defences will protect against the vast majority of common cyber-attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.
The process of obtaining Cyber Essentials certification is simple; however, it pays to have some expert advice and a helping hand to ensure that you’re not wasting your time or money from day one. There are some basic principles that need to be looked at and implemented before even considering a Cyber Essentials accreditation.
If you’d like to find out more about how we can help you gain the Cyber Essentials accreditation, or even if you’d just like some no-obligation advice, give us a call on 0330 088 2565, or for more information please visit www.lms.group/cyber