The escalation of cybercrime statistics is a worrying trend. Attacks affect everyone from essential services such as the NHS, to multinational businesses, SMEs, and private individuals. Each year, cybercrime causes significant financial losses and reputational damage.
As business is increasingly conducted online, Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.
Are you prepared?
In our post-pandemic digital age, most businesses conduct their business online, using systems, networks, software, and apps that instantaneously connect them to every corner of the world.
While this connectivity enables business operations from anywhere, this increased use of connected platforms presents increased risks.
Technology is advancing at a rapid pace. As our use of it evolves, so does cybercrime and how criminals capitalise on vulnerable security systems for their gain.
Un-targeted cyber-attacks such as phishing and ransomware have seen rampant growth in the last 2 years as more opportunities present themselves to cybercriminals. Reports of ransomware attacks increased by over 3000%, from 171,000 in 2019/20 to more than 5.5m in 2020/21 (Source: ActionFraud).
While the importance of cyber security increases, many are still unaware of measures they can implement and actions they can take to mitigate risk, combat crime, and protect their future.
The reality is that the best way for businesses to protect themselves against cybercrime is to invest in cyber security.
SupPortal UK’s top 5 controls to improve your company’s cyber security.
1. Firewalls
All connected devices run network services, which communicate with other devices and online services. By restricting access to certain services, you will reduce your exposure to attacks. This can be achieved by using firewalls and data flow policies.
Firewalls can restrict network traffic and protect against cyber-attacks by blocking traffic according to a defined set of rules. A firewall should protect every device that accesses your network.
2. Secure Configuration
Brand new, out-of-the-box computers and devices aren’t always secure in their default configurations. They often include weak points such as admin accounts with insecure passwords, or ship without multi-factor authentication enabled.
Default installations provide cyber criminals with easy opportunities to gain access to an organisation’s sensitive information. Applying some technical controls when setting up your computers and devices can minimise vulnerabilities and increase your protection against cyber-attacks.
3. User Access Control
User accounts are often necessary for device access and internet-based services. Every active user account facilitates access to sensitive business information. By ensuring that only authorised individuals have accounts and are granted only as much access as they need to perform their role, you reduce the risk of information being stolen or damaged.
All user accounts should be protected with multi-factor authentication. Passwords should be strong, with a minimum length of 12 characters, and a password deny list should be used to automatically block the use of common passwords, such as “Password123!”.
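The length and deny-list rules above, as an added example that is not part of the original article or any SupPortal UK tooling. “Password123!” is exactly 12 characters, so the length rule alone accepts it; the deny-list lookup, applied after normalising the password to its base word, is what rejects it. The deny-list contents, the normalisation steps (which go slightly beyond the text to catch common variants) and the function names are assumptions of this example.

```python
import re

MIN_LENGTH = 12  # minimum length stated in the article

# Constructed sample deny list of base words (assumption); a real deployment
# would load a much larger list of common and breached passwords.
DENY_BASES = {"password", "qwerty", "letmein", "welcome", "admin"}

# Common character substitutions undone before the lookup (assumption of this
# example, not a rule from the article).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(password):
    """Reduce a password to the base word the user most likely started from."""
    lowered = password.casefold()
    # Drop the digits and symbols people append to satisfy complexity rules.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    # Undo look-alike substitutions inside the remaining word.
    return stripped.translate(LEET)


def check_password(password):
    """Return a list of policy failures; an empty list means accepted."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too_short")
    if normalise(password) in DENY_BASES:
        failures.append("deny_listed")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Password123!", "P@ssw0rd2024!!", "letmein",
                      "correct horse battery"]:
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```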
4. Malware Protection
The act of downloading software and files from the internet can expose a device to a malware infection. Malware, such as viruses, worms, and spyware, is software that has been written and distributed with malicious intent.
Potential sources of malware include email attachments, app downloads, and the installation of unauthorised software. If your systems get infected with malware, you will likely suffer from data loss, malfunctioning systems, and ongoing infections.
5. Security Updates
Any device that runs software can be exposed to vulnerabilities, which are regularly discovered in all software. Once vulnerabilities are found, malicious individuals move quickly to exploit them. They use the weaknesses in software to attack computers and networks.
Using only licensed and supported software and enabling automatic updates will protect your business from many potential cyber-attacks.
With the Government Cyber Essentials scheme, it is easier and more affordable for businesses to protect themselves.
What is the Cyber Essentials scheme?
Cyber Essentials is a simple yet effective Government-approved scheme that helps protect organisations from the most common cyber threats.
By holding a Cyber Essentials certificate, you demonstrate your commitment to IT security, whilst also protecting your business and your clients from the potentially devastating effects of an attack.
Certification gives you peace of mind that your defences will protect you, simply because the most common attacks look for targets which do not have these technical controls in place. Cyber Essentials shows you how to address the basics and prevent the most common attacks. Should you wish to enhance your certification, you can choose Cyber Essentials Plus, which keeps the Cyber Essentials Trademark and approach but adds a hands-on, technical verification.
Why should you get Cyber Essentials?
Cyber Essentials certification provides you with certified cyber security. It reassures customers that you are working to secure your IT systems against cyber-attacks. It helps attract new business and provides you with a clear picture of your organisation’s cyber security level.
If you would like to bid for central government contracts which involve handling sensitive and personal information, you will require a Cyber Essentials certification.
How much does it cost for a Cyber Essentials Assessment?
With SupPortal UK, Cyber Essentials Certification costs from £300 p.a. and Cyber Essentials Plus costs £1100 p.a.
About SupPortal UK
SupPortal UK offers over 25 years of experience in the IT industry. We work with companies of all sizes to reduce their vulnerability to cyber-attacks. We focus on protecting customer data due to the rise of cyber security issues. Today, we offer a range of services including Cyber Essentials and Cyber Essentials Plus certification and IASME Governance. To complement this, we also undertake Penetration Testing, Vulnerability Assessments and Cyber Security Audits.