Look back 6 months and companies all over the UK were in a mild panic about the impending General Data Protection Regulation that was about to come into effect. Re-opt in emails were flying everywhere, companies were cleansing their data, DPOs were being appointed and no one was quite sure what would happen.
Six months on the panic has died down, and companies are getting used to working in the post GDPR environment. Work practices have changed, companies now ensure that compliance is maintained, data is streamlined and only retained where necessary. Data processing has returned to being focussed only on the original purpose of collection.
Now some companies are left wondering if they have done enough or whether there are further changes left to make. With the likes of Facebook and British Airways suffering high-profile data breaches and the first GDPR fines having been handed out companies are wondering where their weaknesses lie.
For those companies looking to work with government bodies a basic level of data protection is not sufficient. In fact, on several recent Government invitations to tender it has been recommended that those looking to apply have a Cyber Essentials accreditation.
Cyber Essentials was launched 5 years ago and is a government backed scheme with the goal of helping organisations to take steps towards protecting themselves against common cyber-attacks. The Cyber Essentials scheme helps organisations to protect the confidentiality, integrity and availability of data stored on devices which connect to the Internet.
It is not just your own cyber security you should be concerned about. If you are looking to work closely with another company, it is good to be informed about their level of data protection. You can now access a database of all cyber essentials accredited companies to
As a first step towards accreditation the checklist below should be a minimum requirement for all companies. Once you are confident that your organisation is covered for all of the below you can then work towards your Cyber Essentials certificate. The process of certification has been designed to be light weight and easily manageable while at the same time providing a respected standard in cyber security.
- Use a firewall to secure your internet connection
- Understand what a firewall is
- Understand the difference between a personal and a boundary firewall
- Locate the firewall which comes with your operating system and turn it on
- Find out if your router has a boundary firewall function. Turn it on if it does
- Choose the most secure settings for your devices and software
- Know what ‘configuration’ means
- Find the Settings of your device and try to turn off a function that you don’t need
- Find the Settings of a piece of software you regularly use and try to turn off a function that you don’t need
- Read the NCSC guidance on passwords
- Make sure you’re still happy with your passwords
- Read up about two-factor authentication
- Control who has access to your data and services
- Read up on accounts and permissions
- Understand the concept of ‘least privilege’
- Know who has administrative privileges on your machine
- Know what counts as an administrative task
- Set up a minimal user account on one of your devices
- Protect yourself from viruses and other malware
- Know what malware is and how it can get onto your devices
- Identify three ways to protect against malware
- Read up about anti-virus applications
- Install an anti-virus application on one of your devices and test for viruses
- Research secure places to buy apps, such as Google Play and Apple App Store
- Understand what a ‘sandbox’ is
- Keep your devices and software up to date
- Know what ‘patching’ is
- Verify that the operating systems on all of your devices are set to ‘Automatic Update’
- Try to set a piece of software that you regularly use to ‘Automatic update’
- List all the software you have which is no longer supported
If you think you are ready to apply for your Cyber Essentials accreditation Premier Choice are well prepared to help you pass the certification process having already helped over 20 companies to do so. And as an extra incentive until the end of the year there are some great offer on the Cyber Essentials Plus certification. To find out more about the Cyber Essentials accreditation or Cyber Security in general contact us on [email protected] or 020 3904 3464