What does Cyber Essentials Cover?
Within the Cyber Essentials scheme, there are five control categories which cover around 80% of the most common cyber risks that you will face today.
These controls include the following:
Firewall and Boundary Security
A firewall should be in place between the Internet and your organisation’s internal network. This firewall should be securely configured and reviewed regularly.
Devices and software should be configured securely to prevent them from being compromised by a malicious user or malware. Default passwords should be changed, and all passwords should be suitably complex to prevent them from being guessed. All unnecessary software should be removed from end-user devices.
User Access Control
Access to your organisation’s data should be controlled through correctly assigned user accounts. Administration privileges should be tightly controlled, and administrative rights should only be granted to users who have a genuine business need for this level of access.
A robust anti-malware solution should be applied to prevent servers and end-user devices from being infected with malicious software. Cyber Essentials allows this to be achieved through conventional anti-virus software, application allow listing, or by running applications in “sandboxed” environments.
All security updates and patches should be applied to devices and installed software. This ensures that security vulnerabilities are fixed and reduces the likelihood of devices and applications being compromised by a malicious user or malware.