The National Cyber Security Centre has released a new programme, Cyber Essentials. They have listed five technical controls to help businesses improve their cyber security. The steps are easy to follow, breaking down the jargon and helping users to guard against the most common types of cyber threats! Below is a summary of the five areas highlighted as helping to secure your business.
Use a firewall to secure your internet connection
The Cyber Essentials Certification requires businesses to configure and use a firewall to protect all devices, particularly those that connect to public or other untrusted Wi-Fi networks.
A firewall creates a ‘buffer zone’ between computers and the internet, scanning and analyzing incoming traffic to determine whether it should be allowed on your network.
Firewalls are a vital component of network security control. This gateway-level solution uses predetermined rules to analyze and manage traffic entering and leaving your network. Speak to a member of our technical team, who will work with your business to find the right firewall solution.
Choose the most secure settings for your devices and software
Manufacturers design devices to be as user-friendly as possible, both for setup and ongoing maintenance. This can unfortunately leave businesses vulnerable to cyber criminals who will look to exploit any exposed devices.
A simple way to protect your device is, of course, passwords. They must be complex enough that they are hard to crack, but also simple enough for the user to remember if required to type them in. Passwords are not only used to prevent unauthorized access to a device; they can also be used to add an additional layer of protection to data and documents which are stored either on your device or in the Cloud.
Devices can be made even more secure with two-factor authentication (2FA), which is quite often a PIN or touch-ID. The more layers of protection added, the safer your device and the contents on it will be.
Control who has access to your data and services
Limiting access to information, software and services to those who need it will help reduce the risk of critical data being misused or stolen. Additionally, accounts that have access to multiple high-value assets, such as admin accounts, should only be used for administrative tasks. By doing this you will further reduce the chance of your business-critical accounts being compromised.
Ensure that all colleagues are briefed to only use resources and software from legitimate sources, as installing or using unofficial software can leave your device and network exposed. A process to limit the ability to install or download additional software can be created within your business.
Protect yourself from viruses and other malware
Malicious software, or malware, can be used to attack, damage or cripple devices, software, information and networks. An example that most people have heard of is Ransomware, which infects data and systems, making them unusable until a ransom is paid.
Malware can find its way onto a device in several ways: infected email attachments, malicious websites, or removable storage drives. Simple checks and knowledge about the ways malware can infect a device will help to reduce the chance of devices or networks being impacted.
There are additional ways to defend against malicious software.
The first is Anti-malware measures. These are often included on new devices such as Windows and Apple devices. Enabling these features will help keep your device much safer.
The second is Whitelisting. This is where an administrator or administrative account creates a list of software and tools that can be installed on devices freely. It prevents a user installing software without the authorization and checks of the administrator, and is a simple way to prevent malware being installed.
The third and final way is Sandboxing. This is the process of running applications in an isolated environment, which has very restricted access to the rest of your device and network. It helps to keep your data and files out of reach from malware attacks.
Keep your devices and software up to date
Regardless of the type of device businesses use, it is critical to keep them up to date. Updates are released on a regular basis, often to fix security vulnerabilities that have been discovered.
Installing these updates is often known as ‘patching’. It is one of the most important things you can do to improve security on a regular basis. Most devices and software can be set up to install updates automatically.
It is also advised to replace devices once they have been in use for a few years. As new products are released, software updates for legacy devices will eventually stop.
Cyber Essentials is a simple but effective Government-backed scheme whose aim is to help educate and protect organizations from a range of common cyber-attacks. You can use the scheme to either develop your understanding of cyber security or take one of their certifications. Discover how Cyber Essentials can help your business today.