Everything you need to know about the Cyber Essentials Scheme
IT security is important within any business, especially given the increase in cyber attacks and hacks and with more businesses enabling a remote workforce. Regular security audits are essential to help a business secure its estate and prevent a large majority of cyber hacks and attacks.
Being Cyber Essentials certified ourselves, Symetri can guide you in the right direction to become more secure and gain your certification.
What is the Cyber Essentials Scheme?
The Cyber Essentials Scheme is a government-backed scheme which aims to keep your business protected against the most common cyber attacks. It ensures that you have the correct technical controls, policies, and procedures in place to remain secure.
There are 2 options available with Cyber Essentials certification:
- The basic Cyber Essentials certification is a self-assessment option where you provide all the information about your estate to an approved assessor.
- Cyber Essentials Plus certification requires a hands-on technical verification by an approved assessor to ensure compliance.
Cyber Essentials certification lasts 1 year from the date on the certificate and requires recertification each year to remain compliant.
Why should I consider it?
One of the biggest growing threats to any business is the possibility of a cyber attack, which can be detrimental. The Cyber Essentials Scheme aims to ensure that your business is following the best security practices to keep you and your company secure. Depending on the size of your business, you may also be eligible for free Cyber Liability.
Cyber Essentials is also becoming a common requirement for project-driven work, especially where collaboration is essential or where suppliers are bidding for government contracts, particularly those that handle sensitive or personal information.
What does Cyber Essentials Assessment Cover?
There are 5 controls that cover the basics of an effective secure infrastructure, and these are the areas which the Cyber Essentials Scheme covers.
- Firewalls
These controls are designed to prevent unauthorised access to or from your private network. This is separate from your antivirus software, which helps against malware. All devices that connect to the internet must be protected by an efficient firewall, either hardware or software.
- Secure Configurations
Ensuring your hardware and software are using secure configurations can help ensure that your network is not open to vulnerabilities.
- User Access Control
It is important to ensure that access to your data and services is kept to a minimum. Managing user accounts so that they follow the best secure configuration, and limiting privileges, allows for a more secure and auditable process. However, this does often mean compromising convenience for security.
- Malware Protection
Protecting against malware (which includes viruses, worms, spyware, ransomware, etc.) is vital to any business. Ensuring your endpoints have a valid and up-to-date malware protection solution helps secure your business.
- Patch Management
All hardware and software are prone to vulnerabilities which can be exploited by cyber criminals. This section looks to ensure your devices are running supported operating systems and are kept up to date to patch any known exploits. It also looks at the software used, checking that it is supported, up to date and compliant so that any weaknesses found are resolved.
What is in scope for Cyber Essentials?
As this is a continually updated certification, each year the scope may change. The Cyber Essentials 3.0 January 2022 edition ensures that your business network, personal devices, and cloud services are secure. This means that any personal device would need to comply with the same security measures as the rest of your business. The below diagram, found in the NCSC requirements document, shows the boundary of scope for this. Any device or service that is inside the boundary needs to be included when applying for Cyber Essentials certification.
How can Symetri help?
Although Symetri are not Cyber Essentials approved assessors, our IT experts can help evaluate your network and advise on what is required to attain Cyber Essentials certification and how to remain compliant. We can also assist with any support you may need when completing your self-assessment application.
NCSC Cyber Essentials: https://www.ncsc.gov.uk/cyberessentials/overview
V3.0 Jan 2022 Requirements: https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-Infrastructure-v3-0-January-2022.pdf