The Principles

Cyber Essentials helps prevent the vast majority of cyber-attacks. Even a simple virus or piece of malware could result in loss of company and client data, disrupt your cashflow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation. It could also be reported in the local media. Loss of data could breach the Data Protection Act and lead to fines or prosecution.

Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts.

 

The Key Controls

Cyber Essentials is built around 5 Key controls, these are;

 Firewall  

Boundary Firewalls and Internet Gateways
These are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.

 Secure Configuration  

Secure Configuration
Ensuring that systems are configured in the most secure way for the needs of the organisation.

 Access Control  

Access Control
Ensuring only those who should have access to systems, have access and at the appropriate level.

 Malware protection  

Malware Protection
Ensuring that virus and malware protection is installed and is it up to date.

 Patch Management  

Patch Management
Ensuring the latest supported version of applications are used and all the necessary patches supplied by the vendor been applied.