Is Cyber Essentials Plus right for my business?

Are you considering Cyber Essentials Plus, but unsure whether it’s right for your business? To help you decide, we’ve pulled together a quick summary of how the government-backed certification works, and why it could be the next step for your business. Read on to find out more.

What is Cyber Essentials Plus?

Cyber Essentials Plus follows the same simple approach and offers the same benefits as Cyber Essentials. However, it differs in one key aspect: Cyber Essentials Plus includes a technical audit of your system. The controls are the same; the audit just ensures they’re in place and properly configured.

The audit process takes a little more effort than the standard certification, but it’s worth it for the peace of mind that your security is up to standard.

When should you consider Cyber Essentials Plus?

The truth is, any business looking to improve its security could benefit from Cyber Essentials Plus. However, there are a few scenarios in which we’d recommend Cyber Essentials Plus.

1. You want a thorough assessment of your cybersecurity credentials 

Cyber Essentials is a great first step for any small business that wants to up its cybersecurity game. Nevertheless, the standard Cyber Essentials certification is self-assessed. This means that while you’ll have to comply with the security controls it lays out to pass, you won’t benefit from an independent assessment.

Cyber Essentials Plus, on the other hand, features a visit (either in person or remotely) from an independent auditor. So you’ll gain the peace of mind that your security credentials are up to scratch.

2. You want to work with high-value customers 

It’s a general rule of thumb that the more prestigious the clients you work with, the more stringent their security requirements. Cyber Essentials Plus can help demonstrate to potential customers with high expectations that you take data protection and cybersecurity seriously. And, it could help you steal a march on competitors.

3. You’re a public-facing business 

Any business that directly interacts with the public should make cybersecurity a top priority. If your business stores personal data, whether that’s contact details or financial information, it’s part of your duty of care to protect it.

Investing in Cyber Essentials Plus will not only help you put in place the measures needed to better protect your organisation, but it also demonstrates to customers that you take security – and their personal data – seriously. 

4. You work in a sector that requires higher-than-standard security

Some industries are more at risk from cyberattacks than others. For example, manufacturing firms were the victims in almost a quarter (24.9%) of all breaches globally in 2022, closely followed by finance and insurance with nearly a fifth (18.9%).

If your business works in a high-risk sector, it’s natural that you need better protection. Again, the standard certification is a great stepping stone, but the extra assessment and validation provided by Cyber Essentials Plus is key if you’re more likely to be targeted. 

What’s more, many businesses working in high-risk industries will require partners and suppliers to demonstrate better-than-basic credentials and Cyber Essentials Plus fulfils this function.

5. You want to access government funding or bid for tenders

Although Cyber Essentials Plus isn’t mandatory for all government funding and contracts yet, there are plenty of scenarios where you’ll need it. For instance, schools and colleges hoping to secure ESFA Education and Skills contracts are required to have passed Cyber Essentials and be working towards Cyber Essentials Plus.

Likewise, many healthcare and defence tenders mandate that applicants have, at least, the standard certification in place, if not Cyber Essentials Plus. There’s a case to be made for investing in Cyber Essentials Plus even if the contract doesn’t require it. In a competitive tendering process, being able to demonstrate you have better security bona fides than your rivals could help tip the balance in your favour.

Still unsure about which cybersecurity certification is right for your business? Check out our guide to UK certifications for everything you need to know. 

What are the 2023 changes to Cyber Essentials?

April 2023 is set to see more changes to the Cyber Essentials question set. Here’s everything you need to know and what it means for your business.

What’s happening? 

On 23rd January 2023, the NCSC published an updated set of requirements, version 3.1, for the Cyber Essentials scheme. These changes, called the ‘Montpellier question set’, come into force on 24th April 2023 and will replace last year’s Evendine question set.

What are the changes?

1. The definition of ‘software’ has been updated to clarify where firmware is in scope.

2. Asset management is now included as a highly recommended core security function.

3. A link to the NCSC’s BYOD guidance is now included to help businesses better manage their devices.

4. Clarification on including third-party devices – all devices that your organisation owns that are loaned to a third party must now be included.

5. The ‘Device unlocking’ section has been updated to reflect that some vendors have restrictions on device configuration. If that’s the case, the recommendation is to use the vendor’s default settings.

6. The ‘Malware Protection’ section has been updated. You must make sure that malware protection is active on all devices in scope. All anti-malware software has to:

  • Be updated in line with vendor recommendations
  • Prevent malware from running
  • Prevent the execution of malicious code
  • Prevent connections to malicious websites over the internet

And, only approved applications, restricted by code signing, are allowed to execute on devices. You must:

  • Actively approve such applications before deploying them to devices
  • Maintain a current list of approved applications. Users must not be able to install any application that is unsigned or has an invalid signature

7. New information has been added about how Cyber Essentials affects businesses using zero trust architecture. In short, this should be affected by the Cyber Essentials controls.

8. The illustrative specification document for Cyber Essentials Plus has been updated. The changes to the malware section affect how an auditor carries out a Cyber Essentials Plus assessment and this will be discussed with customers when they book.

9. Several style and language changes have been made and questions reworded to make the process simpler and easier to understand.

10. The technical controls have been reordered to align with the self-assessment question set.

What does this mean for your business?

It’s relatively simple.

Any Cyber Essentials assessment that begins before 24th April 2023 will continue to use the current requirements. Meanwhile, any assessment that begins after 24th April will be assessed using the new Montpellier requirements.

The changes aren’t complicated and shouldn’t impact your ability to achieve certification or the time it takes to complete it. However, if you do have any questions, please get in touch and one of our team will be happy to talk you through it. 

Unsure whether certification is right for your business? Check out our guide to cybersecurity certifications in the UK.

Why you could be eligible for free Cyber Essentials certification

Do you run a small charity or legal aid firm? If so, you could be eligible for funded Cyber Essentials certification to help you put basic cybersecurity measures in place. Here’s everything you need to know.

What is the funded Cyber Essentials scheme? 

Small charities and legal aid firms protect and serve some of the most vulnerable in our society. However, unfortunately, they’re also a key target for cybercriminals. The NCSC’s Cyber Breaches Survey 2022 revealed that 30% of UK charities identified a breach in the last 12 months.

The reason for this is simple. Charities and legal aid firms process large volumes of highly sensitive data but often have relatively weak defences – making them an ideal target for cybercriminals.

To counter this, the National Cyber Security Centre and IASME have launched the new Funded Cyber Essentials Programme. This offers small organisations in high-risk sectors free, practical support to help put basic cybersecurity controls in place and achieve Cyber Essentials certification. 

How does the scheme work? 

Qualifying organisations will receive up to 20 hours of remote support with a Cyber Essentials Assessor – all at no cost. Our assessors will spend this time helping you identify and implement the improvements needed to meet the 5 technical controls of Cyber Essentials. We’ll follow this up with an assessment to ensure everything is in place. 

With our guidance, you’ll be ready to take the Cyber Essentials and Cyber Essentials Plus certifications. If it’s not possible for you to complete Cyber Essentials Plus after 20 hours of support, we’ll give you clear directions on how to become assessment ready. 

Is the certification free? 

Yes. IASME has agreed to fund both Cyber Essentials and Cyber Essentials Plus certification for successful applicants to the scheme.

Who is eligible for the scheme? 

To qualify for this scheme, your organisation must be:

  • A micro or small business (1 to 49 employees) that offers legal aid services
  • A micro or small charity (1 to 49 employees) that processes personal data

No previous cybersecurity experience or certification is required. Even if you’re completely new to cybersecurity, we’ll guide you through the process.

How long is the scheme running for? 

The scheme runs until the end of March 2023. However, it’s worth noting that IASME is offering a limited number of funded packages. So it’s worth getting your application in as soon as possible. 

What is Cyber Essentials?

The Cyber Essentials scheme is a UK-government-backed cybersecurity certification that outlines the security procedures a company should have in place to secure its data. Cyber Essentials is highly recommended for SMEs because this certification protects you against 98.5% of the most common cyber threats.

Cyber Essentials Plus includes all of the same technical controls but with one major difference. Whereas Cyber Essentials is a self-assessed certification, Cyber Essentials Plus includes a technical audit of your systems. This next step gives you complete peace of mind your cybersecurity is up to scratch. And, your clients and partners don’t have to take your word for it that you’re cyber secure – they can rely on the expertise of a professional.

Can I apply to the scheme through CyberSmart? 

Yes. As the UK’s leading provider of cybersecurity certifications, we’re proud to be taking part in this scheme. 

To apply for the scheme, head to IASME’s Funded Cyber Essentials page and fill in the form at the bottom of the page. If you’re successful in your application, IASME will pass you over to us (or another certification body) to complete the certification process.

Alternatively, if you’re one of our partners or MSPs and want to refer a customer for the scheme, get in touch. We can apply on your client’s behalf and ensure the support and certification is carried out by CyberSmart.

Want to know more about cybersecurity certifications? Check out our in-depth guide to cybersecurity certifications in the UK.

New whitepaper: A Guide to Cybersecurity Certifications in the UK 2023 edition

The journey to cybersecurity compliance isn’t easy. You might start at the basics of Cyber Essentials certification and progress to take on the challenge of ISO 27001 compliance. It takes effort to get certified but if you put in the work, you’ll reap the benefits. You could enjoy:

  • Greater trust from customers and vendors
  • The chance to bid for government contracts
  • Protection from cyberattacks
  • GDPR compliance

Two of the biggest challenges facing businesses are knowing where to get started and how to build knowledge, but you don’t have to navigate cybersecurity alone. We’ve put together this new, updated guide as your one-stop shop for the three most common UK cybersecurity certifications. 

What’s covered?

In this guide, we outline how to choose the right certification for your business, how to get certified, and where to go for support. 

  • Cyber Essentials
    • With information on recent updates
  • Cyber Essentials Plus
  • ISO 27001
  • How to make compliance easy
    • Advice on getting started
  • Where to find support

So, if you’re unsure about whether your business needs a cybersecurity certification or which one is right for you, start by downloading our guide. It’s free and includes everything you need to know to make a decision.

What to Expect from a Cyber Essentials Plus Audit

If you’re looking to validate your cybersecurity and data protection processes, a Cyber Essentials Plus certification could be right for you.

You might decide to go for Cyber Essentials Plus accreditation because:

  • You want an independent assessment of your cybersecurity measures in addition to completing your self-assessment 
  • You want to show clients that data protection is a top priority
  • You work in an industry with higher-than-standard cybersecurity requirements

What’s the Difference Between Cyber Essentials and Cyber Essentials Plus?

For Cyber Essentials Plus, you’ll need a Cyber Essentials certification. To do this, you’ll build IT infrastructure and staff knowledge to meet standards across five categories:

  1. Firewalls
  2. Secure configuration
  3. User access control
  4. Malware protection
  5. Security update management

Then, you’ll take a self-assessment to get accredited. If you pass the self-assessment, you’ll be eligible to apply for Cyber Essentials Plus. 

Cyber Essentials Plus involves an independent audit of your devices, systems, and processes for extra validation – this is the key difference between Cyber Essentials and Cyber Essentials Plus.

Unsure which certification is best for you? Check out our guide to cybersecurity certifications in the UK.

What are the Benefits of a Cyber Essentials Plus Audit?

Some businesses find Cyber Essentials Plus more suitable because an independent assessment is more credible than a self-assessment. An objective, professional opinion ensures you’re as compliant as you think. It offers more peace of mind than you get with Cyber Essentials.

The verification of compliance also makes the certification more trustworthy for prospective and existing clients as there’s some external proof that you take cybersecurity and data management seriously. 

What to Expect from the Auditor

An auditor will audit a sample of your devices on-site or virtually to check they’re configured correctly. They’ll:

  • Confirm your devices
  • Scan devices to identify vulnerabilities using Nessus Professional scanning software
  • Observe how devices process emails with test attachments
  • Observe how devices handle downloads of file attachments from test websites
  • Check the installation and configuration of anti-virus software
  • Test Multi-Factor Authentication on applicable cloud services
  • Test how well your default browsers block malicious activity
  • Confirm account separation between admin and user accounts
  • Capture screenshots for evidence

How to prepare for the audit

Here are some practical ways to prepare for your audit.

Check your software

  • Update software on all devices, including servers
  • Download and install the 7-day trial of Nessus Professional, if you don’t have it already. This means the auditor can complete a Credentialed Patch Scan. If you have an alternative PCI-approved scanning tool already, please speak to your auditor
  • If you use the 7-day trial, create an account and download plugins to complete installation.
  • Remove software you don’t use regularly from every device, e.g., old browsers like Firefox

If you run Windows:

  • Enable file and print sharing. You can find this option in advanced sharing settings

If you run Windows 10:

  • Set the Windows service “RemoteRegistry” start-up type to “manual”. Access this by typing “services” in the home screen search bar

Create a new registry value:

  • Type “regedit” in the home screen search bar
  • Hive and key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • On System, right click and select New –> DWORD (32-bit) Value / REG_DWORD
  • Value name: LocalAccountTokenFilterPolicy
  • Value data: 1 (decimal)
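
The Windows steps above can be applied in one pass and undone once the audit is finished. The script below is an added example, not CyberSmart's or the auditor's own tooling. It goes one step beyond the list by recording the prior state and restoring it, because LocalAccountTokenFilterPolicy = 1 switches off UAC remote token filtering for local administrator accounts. It assumes an elevated session on an English-language Windows 10 build (the firewall group name is localised), and the state file path is a hypothetical location.

```powershell
#Requires -RunAsAdministrator
# Added example: apply, inspect and revert the credentialed-scan settings
# described above. The names below marked "assumption" are not from the page.

$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'
$FwGroup    = 'File and Printer Sharing'                  # assumption: English display group name
$StateFile  = "$env:ProgramData\ce-plus-audit-prep.json"  # assumption: hypothetical path

function Get-AuditPrepState {
    # Snapshot of the three settings the audit preparation touches.
    $svc   = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"
    $value = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName `
                  -ErrorAction SilentlyContinue).$PolicyName
    $rules = Get-NetFirewallRule -DisplayGroup $FwGroup -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RemoteRegistryStartMode = $svc.StartMode   # 'Auto', 'Manual' or 'Disabled'
        TokenFilterPolicy       = $value           # $null when the value does not exist
        EnabledRules            = @($rules |
                                      Where-Object { $_.Enabled -eq 'True' } |
                                      Select-Object -ExpandProperty Name)
    }
}

function Enable-AuditPrep {
    # Keep the first snapshot only, so a second run cannot overwrite the
    # original state with the already-modified one.
    if (-not (Test-Path -Path $StateFile)) {
        Get-AuditPrepState | ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8
    }

    # "RemoteRegistry" start-up type -> Manual
    Set-Service -Name RemoteRegistry -StartupType Manual

    # File and print sharing (the firewall rule group behind the sharing setting)
    Set-NetFirewallRule -DisplayGroup $FwGroup -Enabled True

    # LocalAccountTokenFilterPolicy = 1 (REG_DWORD)
    New-ItemProperty -Path $PolicyKey -Name $PolicyName `
        -PropertyType DWord -Value 1 -Force | Out-Null

    Get-AuditPrepState
}

function Restore-AuditPrep {
    if (-not (Test-Path -Path $StateFile)) {
        throw "No saved state at $StateFile; nothing to restore."
    }
    $before = Get-Content -Path $StateFile -Raw | ConvertFrom-Json

    # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
    $startType = @{ Auto = 'Automatic'; Manual = 'Manual'; Disabled = 'Disabled' }
    Set-Service -Name RemoteRegistry `
        -StartupType $startType[$before.RemoteRegistryStartMode]

    # Disable only the sharing rules that were off before the audit.
    Get-NetFirewallRule -DisplayGroup $FwGroup |
        Where-Object { $_.Name -notin $before.EnabledRules } |
        Set-NetFirewallRule -Enabled False

    # Remove the registry value if it did not exist, otherwise put the old data back.
    if ($null -eq $before.TokenFilterPolicy) {
        Remove-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value $before.TokenFilterPolicy
    }

    Remove-Item -Path $StateFile
    Get-AuditPrepState
}

# Typical use from an elevated prompt after dot-sourcing this file:
#   Enable-AuditPrep      # before the auditor's credentialed scan
#   Get-AuditPrepState    # confirm what is currently set
#   Restore-AuditPrep     # once the audit is complete
```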

If you run macOS:

  • Enable file sharing and remote login. You’ll find these options in System Preferences –> Sharing
  • Update AV engines and signature files. If you use an enterprise management dashboard to do this, even better
  • Activate and update AV plugins for every browser

The auditor will ask you for:

  • Administrator-level domain access. Create a new admin account for the audit or ensure an admin is there to help
  • A list of all in-scope devices and operating systems. If you use Windows 10, run a registry edit so the auditor can complete a scan
  • User email addresses for the email/web tests
  • A signed consent form

Need More Support?

If you’re not ready for a Cyber Essentials Plus audit or need some advice on which accreditation is right for you, there’s plenty of help available. Don’t rush into it. It’s important to pick based on your industry, goals, size, and the benefits you’ll experience from getting certified. It’s always good to prove your cybersecurity credentials, but that doesn’t always mean going for the most advanced accreditation.

And, you can always find out more about which certification is right for you by downloading our guide to cybersecurity certifications in the UK.

How Cyber Essentials certification can help you win new business

Cyber Essentials certification has numerous benefits. You probably know all about the headline ones, such as protection from 98.5% of cyber threats and peace of mind that your staff are working safely. 

However, there’s another advantage to certification that’s discussed less frequently. Cyber Essentials certification can also help your company win new business. How? We’ve enlisted a few of our clients to explain in their own words. 

Government tenders 

Cyber Essentials (or Cyber Essentials Plus) certification is a mandatory requirement for funding in some parts of the NHS and education system (ESFA funding, for example). 

But Cyber Essentials also has another role to play. Certification is fast becoming a requirement to bid for many UK government tenders. And, getting certified can not only unlock new opportunities for your business but also make the whole process easier, as Kim-Lisa Gad, Governance, Risk and Compliance Manager at Vula Mobile, explains: 

“Certification has made the process of submitting tenders and business documentation much easier. The certification itself answers many of the questions we’re asked in potential business agreements.”

Building trust 

In an online economy teeming with potential risks, trust is often a prerequisite for doing business. After all, how can you know whether a new partner or supplier is following the cybersecurity best practices they claim to be?

You need proof. And this is where Cyber Essentials comes in. Cyber Essentials is a simple, cost-effective way to demonstrate your security credentials to potential customers and partners:

“Our customers, partners and prospects have really appreciated the additional assurance that certification provides. What’s more, their trust in how we manage our business and the services we provide has also increased.

We find once we’ve submitted our Cyber Essentials Plus certificate to other businesses, they’re generally satisfied and don’t require any further proof of our commitment to security. The certificate provides all the proof they need.” Kim-Lisa Gad, Governance, Risk and Compliance Manager at Vula Mobile

“FNA works with some of the most important financial institutions in the world and handles highly sensitive data. As such, it is critical to them that they take every precaution to meet a high standard of cybersecurity.

Sometimes, you actually need to see that you can trust someone to trust them. With the help of CyberSmart’s app, FNA’s leadership team were provided with an efficient means of verifying that all their employees have met the basic security checks. Rather than having to manually assess every individual device, the CyberSmart software helps FNA run automatic audits in the background and sends alerts when individuals drop below certain standards. In a way, removing any ambiguity surrounding what employees may or may not have done and offering peace of mind.” Kimmo Soramaki, Founder and CEO of Financial Network Analytics

New business 

Lastly, Cyber Essentials certification can mark you out as a trustworthy business that takes security and data protection seriously. In a world where proof of cybersecurity credentials is increasingly important, this makes you an attractive proposition to prospective customers and partners. 

Ben Pook, Director of Play Verto, explains how getting certified has helped his business: 

“The impact of not having the right security measures in place is massive. Our customers and partners rely on us to keep their data secure. CyberSmart offers an additional service that is critical in giving both ourselves, as well as our customers, peace of mind.

When we take on a new client, they want to understand how we collect data, how we store it, where it is stored, which servers we are using etc. With CyberSmart, all of that information is in one place and easily accessible. What’s more, the certificates themselves are a demonstration that we take security seriously in the eyes of our customers.”

So there you have it. Not only can Cyber Essentials dramatically improve your business’s cybersecurity, but it’s also a great way to gain an edge over competitors and open up new avenues of opportunity. And, at CyberSmart, we can get you certified in as little as 24 hours.

Case study: Helping a healthcare business build trust

Cyber Essentials certification is becoming ever-more important to the healthcare industry, particularly for those firms looking to work with the NHS. 

So we sat down with Kim-Lisa Gad, Governance, Risk and Compliance Manager at Vula Mobile to discuss how CyberSmart has helped the business complete Cyber Essentials Plus certification.

Vula is a medical referral app and online platform that makes it easy for primary healthcare workers to get advice from and refer patients to specialists.

CyberSmart: What security challenges have you faced as a business? 

Kim: Like many businesses – even those with good physical, technical and administrative security measures in place –  it’s often a challenge to reassure customers and partners that their data is protected and our organisation is secure. 

The Cyber Essentials Plus certification has allowed us to demonstrate to customers and partners that we take security seriously. And, that we’re continually improving and verifying that our security processes are effective and well managed. 

CyberSmart: What prompted you to get Cyber Essentials Plus certification?

Kim: Initially, we were required to get Cyber Essentials Plus to apply for a business tender. However, since then, Cyber Essentials Plus has helped us obtain and move forward with other contracts. Being able to demonstrate our security measures to current and potential customers has proved invaluable. 

CyberSmart: How easy was the process from initial enquiry to certification?

Kim: The process was exceptionally quick and seamless, from our initial contact with James (Direct Sales Manager at CyberSmart) to our audit with Glen (CyberSmart’s Head of Cyber Audit) and obtaining our certification. 

The team at CyberSmart were always on hand with information and advice, making the whole process much less stressful. It was also wonderful that they were able to do everything remotely as we are based in South Africa. 

CyberSmart: How long did the process take? 

Kim: The initial questionnaire for Cyber Essentials took around a week to complete. We had our first response back requesting more information on three questions within a day of completing it. I provided the information the same day and we were granted certification later that afternoon. 

We then started Cyber Essentials Plus certification two weeks later, preparing ourselves for the online audit. The audit took around three hours; Glen was exceptional in helping us prepare and very thorough in his assessment. We received our Cyber Essentials certification the same day as the audit which was a very efficient turnaround. 

CyberSmart: How has Cyber Essentials Plus helped your business?

Kim: It’s proved an invaluable way of proving to customers, partners and prospects that our security is effective and follows best practices. Certification has also made the process of submitting tenders and business documentation much easier. The certification itself answers many of the questions we’re asked in potential business agreements. 

CyberSmart: Have you noticed any change in your relationship with customers, suppliers, or prospects since getting certified?

Kim: Our customers, partners and prospects have really appreciated the additional assurance that certification provides. What’s more, their trust in how we manage our business and the services we provide has also increased. 

We find once we’ve submitted our Cyber Essentials Plus certificate to other businesses, they’re generally satisfied and don’t require any further proof of our commitment to security. The certificate provides all the proof they need. 

CyberSmart: Would you recommend Cyber Essentials Plus to other businesses like yours?

Kim: Most definitely. The Cyber Essentials Plus certification offered through CyberSmart is an absolute necessity for any business that wants to validate its security commitments. And, it’s a great way to assure customers and business partners that your organisation is secure.

Finally, it’s also a very methodical approach to ensuring your security measures are well-thought-out, executed properly, and mitigate cybersecurity risks. 

Considering Cyber Essentials Plus for your business? Click here to find out why CyberSmart is the UK’s leading provider of Cyber Essentials certification.

New whitepaper: Cyber Essentials for Education

If you work in education and are applying for funding, you’ve probably heard the phrase ‘Cyber Essentials’ mentioned. Cyber Essentials is a set of security guidelines laid out by the UK government to help organisations address the basics of cyber hygiene.

It’s important to education providers because Cyber Essentials certification is now part of the security requirements for Education and Skills Funding Agreements (ESFA).

For the 2020-21 funding year, all recipients must meet the requirements for the UK’s Cyber Essentials scheme. And next year, achieving Cyber Essentials Plus certification will also be mandatory. 

However, cybersecurity and funding requirements can be confusing. So, we’ve put together a guide to help you get certified and meet the ESFA funding deadline. The guide covers everything you need to know, including:

  • What the Cyber Essentials scheme is
  • The difference between Cyber Essentials Standard and Plus certifications
  • Why cybersecurity is important to the education sector 
  • How to get certified immediately and meet the ESFA deadline
  • How to move beyond certification and keep your organisation protected

To find out more and get prepared for the ESFA deadline, download your free copy here or follow the link below.

Mythbusting: on security and why we’re still using Zoom

Amidst its general path of destruction, coronavirus has blessed only a select few industries in lockdown (we’re looking at you baking supply companies) and fewer still have experienced a rise as meteoric as Zoom.

In the month of March, the video conferencing software jumped from 10 million to 200 million daily users. Everyone from politicians to pick-up football leagues is hosting Zoom chats, turning a moderately well-known company into a household name and an integrated part of our lives.

But this rapid expansion has brought media scrutiny with it. Over the past few weeks, the news has been littered with stories of Zoom security breaches and questions around its reliability and safety. We’re unpacking a few of the myths behind these reports and explaining why we, as a cyber security company, are still on the Zoom bandwagon.

Some technical stuff

First, almost all conferencing software, including Zoom, uses HTTPS/TLS, an encryption protocol that protects communications on the internet. It’s the same protocol your bank uses when you log in online or via an app. The information is encrypted from you to the servers of the provider, and then re-encrypted from the provider to you via a similar secure link.

Basically, services like Zoom that use this encryption are inherently quite secure. Should the government be using Zoom to convey top secret information? Probably not. Is it fine for communicating openly with your team? Absolutely.

Security versus privacy

These two terms are very often and quite easily confused. Security protects your data from unauthorised access by strangers. Privacy has to do with the safeguarding of your identity. You can have security without privacy but not privacy without security.

The first wave of Zoom ‘security’ concerns was really about privacy and their collection of personal data of users. They have since updated their privacy policy to prevent anyone including Zoom employees from directly accessing data that users share during meetings including their names, and video/audio/chat recordings. “Importantly,” a Zoom spokesperson adds, “Zoom does not mine user data or sell user data of any kind to anyone.” While they don’t sell or share data with third parties, they do use Google Ads and Google Analytics.

If you really care about security

If you really care about security there are a few things you should always keep in mind when using videoconferencing. 

First, use a unique password. According to a recent report, 71% of accounts are protected by passwords used on multiple websites. One of Zoom’s highest profile ‘breaches’ was actually just a breach on another platform for which users had been using the same password, thus opening them up to further attack.

Second, update your operating system and keep your video conferencing software up-to-date. This will mean any patches or protection by the company will be in place on your device. Alternatively, you can use a browser rather than a separate app, which is less vulnerable to attack.

If you want to use Zoom, there are some settings you can activate for enhanced protection and privacy. These include the option to watermark all content, and restricting meetings to people with a certain email domain (xxx@cybersmart.co.uk). ‘Zoom bombing’ (random people entering your calls) is prevented by requiring your attendees to use a password to join a meeting.

We don’t recommend recording meetings unless you’re happy with them eventually making the papers, but if you must, you can choose to store them locally rather than in the cloud.

If you really, really care about security

If you work in an industry with incredibly sensitive data that requires end-to-end encryption, Zoom may not be the service for you. They don’t truly offer this but there are a few others that do. You might consider using Wire or Webex (this is what we use to conduct remote security audits for Cyber Essentials Plus certification).

Video conferencing is a must in the remote workplace but there are a few factors to consider when deciding which service to use. The National Cyber Security Centre offers some great guidance on this. 

As always, remember that the majority of cyber attacks can be prevented through basic cyber hygiene and the guidelines covered in the government’s Cyber Essentials scheme.

3 signs you should update your cyber security immediately

Cybersecurity is an issue that most people don’t take seriously until the worst happens, from stolen customer data to electrical blackouts or paralysed information systems. And unfortunately, these incidents have been steadily rising for small businesses.

Basic controls like firewalls and strong password protections can go a long way in protecting you, but if your business isn’t up-to-date in terms of security protocols and practices, then you’re likely at a far higher risk than you think of security breaches, data loss or even malicious attacks from hackers and outside sources.

Before it gets to that point, though, recognising that your system isn’t secure is an excellent place to start.

If you, or your staff, have spotted any of these red flags within your system, then it might be time to invest in better cybersecurity, or even consider our 24/7 cyber monitoring software to boost the safety of your business:

Errors or out-of-date notices on software

We’ve all been known to ignore warnings and errors related to the software we use, especially if that particular piece of software continues to work correctly. But out-of-date technology, particularly software connected to the internet or cloud, can be an open door for hackers.

If you’ve noticed errors or out-of-licence notices on company software, it is best practice to update your processes and guidelines so that these are reported and any updates are done swiftly.

Operating systems that are not updated to the latest version

Many employees are guilty of this particular security issue. Leaving computers on overnight and never allowing updates to occur may allow for a quicker start to the day, but it’s not worth the security risks it brings. If you find employees regularly lagging behind on the latest OS updates, completing these updates should be included in the responsibilities of your IT team to ensure your company is compliant.

An increase or influx in spam emails or potentially harmful links

Outdated or less secure email systems can lead to a significant increase in the amount of spam your business receives, which could include harmful attachments and links. Ensuring your firewall, spam systems, and other security measures are up-to-date can prevent problem emails from reaching you. If you’ve noticed a sudden increase, ensure all your systems are up to date.

All too often, businesses forget all about their cybersecurity requirements until problems occur – whether it’s a virus in the system, a hacking attempt or a full-on ransom demand.

That’s why CyberSmart’s simple app and dashboard alert you any time a device in your company has a firewall disabled, is behind on updates, or needs a software update. Beyond certification, we offer the kind of 24/7 protection that will keep your business, employees, and customers safe in the world of 2020.

To learn more about our software and certification services, contact CyberSmart today.