What are the 5 key controls of Cyber Essentials
- 8th May 2017
- Posted by: Mark Dodds
- Category: Security
We’ve recently been covering the importance of cyber security in your organisation. From reducing the risk of valuable data being leaked to avoiding serious fines, cyber security is a hugely discussed topic for businesses. The Government-led scheme – Cyber Essentials – is designed to be a benchmark of cyber security and to develop awareness for businesses. In this blog, we’re going deeper into cyber essentials and the 5 key technical controls that a business is assessed on.
What are the 5 key controls?
In quick summary, the 5 controls of Cyber Essentials are:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Boundary Firewalls and Internet Gateways
This control will apply to every business where employees have access to the internet. Internet gateways and firewalls will identify and prevent unwanted traffic gaining access to your network, computers, and systems. The controls you need to apply will include changing any default/admin passwords, ensuring firewalls are properly set up, etc.
A newly installed computer or piece of software is never properly configured with its factory settings. This means if you carried on using a device on its default settings, it is open to cyber risks. All computers and network devices should be configured to reduce risk. This will include reducing or removing unnecessary software and changing default settings and passwords.
A huge number of data and cyber breaches occur from abuse of administrative user accounts in a business. Organisations and businesses should aim to only let certain individuals have special access privileges according to their position and responsibilities. Companies can look to manage this by performing a number of controls, such as having unique usernames and passwords, and keeping all account information in a secure, protected location.
Where computers and systems are exposed to the internet, they will need to be protected from malware. Malware is a programme, or virus, that has been coded with the intent to perform unauthorised actions on one or more computers. Organisations should at a minimum look to protect all computers that are connected to the internet via cable or wireless. Other actions include having up-to-date malware software as well as setting regular scans (daily) to ensure early detection of malware.
As with any software, there are often regular updates released to add more features and improve performance. If there are any vulnerabilities in software that hasn’t been updated, this can become a weak spot that can be used to gain access to networks and computer systems. Organisations and businesses should ensure the following: remove out-of-date software, and ensure all security patches are updated soon as they are available.
If you would like any further information on how cyber essentials could help prevent up to 80% of common cyber attacks, please get in touch with us today.