In 2015, a research team at Lancaster University concluded that 99% of cyber risks could be avoided by following a set of surprisingly simple security measures. These measures, or controls, form the basis of the government’s standard for security certification, Cyber Essentials, which is what we help businesses achieve here at CyberSmart.
However, there’s a lot you can do on your own to prepare yourself for the Cyber Essentials assessment or just to improve your general cyber hygiene around its guidelines. We’re going to walk you through some of the processes you will need to have in place when you complete the self-assessment for Cyber Essentials before it is reviewed by an assessor.
Keep in mind that the Cyber Essentials questionnaire is asking you to evaluate every device in your company (laptops, personal computers used for work, phones, the works) and whether it complies with the rules. If it is being used for work, it should be included.
Choose the most secure settings for your devices and software
☐ Know what ‘configuration’ means
☐ Find the settings of your device and try to turn off a function that you don’t need
☐ Find the settings of a piece of software you regularly use and try to turn off a function that you don’t need
☐ Read the NCSC guidance on passwords
☐ Make sure you’re still happy with your passwords
☐ Read up about two-factor authentication
Control who has access to your data and services
☐ Read up on accounts and permissions
☐ Understand the concept of ‘least privilege’
☐ Know who has administrative privileges to your data and on which machines
☐ Know what counts as an administrative task
☐ Set up a minimal user account on one of your devices
Protect yourself from viruses and other malware
☐ Know what malware is and how it can get onto your devices
☐ Identify three ways to protect against malware
☐ Read up about antivirus applications
☐ Install an antivirus application on one of your devices and test for viruses
☐ Research secure places to buy apps, such as Google Play and Apple App Store
☐ Understand what a ‘sandbox’ is
Keep your devices and software up to date
☐ Know what ‘patching’ is
☐ Verify that the operating systems on all of your devices are set to ‘Automatic Update’
☐ Try to set a piece of software that you regularly use to ‘Automatic Update’
☐ List all the software you have which is no longer supported
If you can follow this guidance now, you can pass certification quickly and with flying colours. If you struggle with any of these steps, CyberSmart has helped guide hundreds of SMEs of all sizes and experience through the same process, so feel free to get in touch. We offer a quick and simple step-by-step process so you can get Cyber Essentials certified today.