Guide to Cyber Essentials and Malware Protection

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented.

To highlight the importance and usefulness of the Cyber Essentials scheme, we’ve produced a series of blog posts summarising each of the five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.

This blog covers malware. Malware, short for “malicious software”, refers to a type of computer program designed to infect a legitimate user’s computer and inflict harm on it in multiple ways. There are various types of malware, including spyware, worms, adware, ransomware, viruses and Trojan horses.

A growing threat to businesses

Malware is a significant problem. Research by SentinelOne and Vanson Bourne found that 40% of UK companies fell victim to an average of five ransomware attacks in 2017, costing them £329,976 each.

The research also highlights that the overall number of organisations experiencing ransomware attacks increased from 48% in 2016 to 56% in 2018.

A long and varied list of threats

Malware causes havoc by stealing confidential information, damaging files and even locking them and preventing access until a ransom is paid.

Malicious programs can be delivered physically to a system through a USB drive or other means, or via the Internet through drive-by downloads, which automatically download malicious programs to users’ systems.

Malicious websites and phishing – scam emails disguised as legitimate messages that contain malicious links or attachments – are two common delivery methods.

More sophisticated malware attacks often feature the use of a command-and-control server that allows attackers to communicate with the infected systems, exfiltrate sensitive data and remotely control the compromised device or server.

An attack can be incredibly damaging, so it is important to protect your system, your privacy and your sensitive documents.

Protect yourself from malware

Cyber Essentials can help restrict the execution of known malware and untrusted software and prevent harmful code from causing damage or accessing sensitive data.

To minimise the risk of malware, your organisation should adopt at least one of the following approaches:

1) Anti-malware software

  • The software must be kept up to date, with signature files updated at least daily.
  • The software must be configured to scan files automatically upon access. This includes when files are downloaded and opened, and when they are accessed from a network folder.
  • The software must scan web pages automatically when they are accessed through a web browser.
  • The software must prevent connections to malicious websites on the Internet.

2) Application whitelisting

Only approved applications are allowed to execute on devices. The organisation must actively approve such applications before deploying them to devices and maintain a current list of approved applications.

3) Application sandboxing

All code of unknown origin must be run within a ‘sandbox’ that prevents access to other resources unless the user explicitly grants permission.

Secure your organisation with Cyber Essentials

Being Cyber Essentials certified demonstrates your commitment to cyber security. The details of any organisation that has Cyber Essentials certification can be found at:

By implementing the scheme, you can:

  • Benefit from security controls to help prevent 80% of attacks;
  • Demonstrate security to increase your chance of securing business;
  • Work with the UK government and MoD; and
  • Reduce cyber insurance premiums.

With IT Governance, you can complete the entire certification process quickly and easily using our online portal for as little as £300.
