Cyber Essentials is a UK government scheme that outlines steps that organisations can take to secure their systems.
It contains five controls that cover the basics of effective information security.
They can be implemented by anyone who is familiar with the scheme, regardless of their information security knowledge.
Despite the scheme’s focus on only the fundamentals of cyber security, it is hugely beneficial to anyone who certifies. Those who follow the Cyber Essentials scheme can prevent about 80% of cyber attacks.
This blog explains the five Cyber Essentials controls and how they keep organisations safe.
How does Cyber Essentials work?
Most criminal hackers aren’t state-sponsored agencies or activists looking for high-profile targets. Nor do they spend countless hours staking out and researching their targets.
Instead, they tend to be opportunistic, looking for any available target.
They are like burglars in that they know what is valuable, but they prefer to go after easier targets.
Just as burglars identify marks by scouting neighbourhoods and looking for poorly protected homes, cyber criminals look for easily exploitable weaknesses.
Cyber Essentials addresses this, helping organisations avoid weaknesses and address vulnerabilities before criminal hackers have the chance to exploit them.
Organisations can certify to Cyber Essentials by completing a self-assessment questionnaire that covers the five controls of the scheme.
If you need help meeting those requirements, IT Governance is here to help. We offer a variety of certification solutions based on the level of support you need.
What are the five controls?
Firewalls stop unauthorised access to and from private networks but must be set up correctly to be effective.
Boundary firewalls and Internet gateways allow you to control who can access your system and where your users can go.
Antivirus software defends against viruses and malware, while firewalls protect against external threats.
The security provided by the firewall can be adjusted like any other control function (in other words, the firewall ‘rules’).
2) Secure configuration
Web server and application server configurations play a crucial role in cyber security. Failure to manage the proper configuration of your servers can lead to a wide variety of security problems.
Configure computers and network devices to reduce vulnerabilities and only provide necessary services.
This will help prevent unauthorised actions from being carried out. It will also ensure that each device discloses only the minimum information about itself to the Internet.
A scan can reveal opportunities for exploitation through insecure configuration.
3) User access control
It is important to keep access to your data and services to a minimum. This should prevent a criminal hacker from being presented with open access to your information.
Criminals want to get administrator rights so they can break into applications and access confidential information.
Convenience sometimes results in many users having administrator rights, which can create opportunities for exploitation.
User accounts, particularly those with special access privileges, should be assigned only to authorised individuals. They must be managed effectively, and provide the minimum level of access to applications, computers and networks.
4) Malware protection
It is vital that you protect your business from malicious software, which will seek to access files on your system.
The software can cause chaos by stealing private data, corrupting files, and blocking access until you pay a fee.
Protecting against a broad range of malware will protect your computer, your privacy and your important documents from attack.
5) Patch management
All devices and software are prone to technical vulnerabilities. Cyber criminals can rapidly exploit vulnerabilities once they’ve been discovered and shared publicly.
Criminal hackers exploit known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.
Updating software and operating systems will help to fix these known weaknesses.
It is crucial to do this as quickly as possible to close any opportunities that could be used to gain access.
Cyber Essentials: A guide to the scheme
You can find out more about Cyber Essentials by downloading our free guide.
Cyber Essentials: A guide to the scheme provides guidance on the five controls and how to obtain certification.
IT Governance is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK
Download our guide to find out how you can get started.
A version of this blog was originally published on 29 August 2018.