What is the Cyber Essentials Scheme?

The recent changes to the Cyber Essentials Scheme encourage UK businesses to further strengthen their cybersecurity and protect their best interests.
What is the Cyber Essentials Scheme?
It’s a certification scheme that was introduced in 2014 by the UK Government in order to support businesses in improving their cyber security and help make the UK one of the safest countries to do business. It is managed by the NCSC (National Cyber Security Centre) and guides UK businesses on how they can safeguard their IT operations.
Why should business owners be concerned about these changes?
The recent changes to the Cyber Essentials Scheme are of high importance to all organisations in the UK, regardless of whether their organisation is already Cyber Essentials certified or planning to get the certification in the near future. It’s also crucial to take note of these recent changes if you are planning a merger or acquisition, performing supply chain due diligence or simply looking for reliable business partners.
What changes have been made to the Cyber Essentials Scheme in 2022?
Home working devices: All home-based devices that employees use for office work, whether they are smartphones, tablets or laptops, now come under the scope of the security recommendations shared in the Cyber Essentials Scheme. As a result, both employers and employees will need to ensure that the firewall settings on their home working devices comply fully with the guidelines shared in the Cyber Essentials Scheme, if they’re serious about maintaining their compliance.
Endpoint devices: It was a common practice for organisations to certify only their server systems and ignore the need for including end user devices in their security assessment exercise. The recent change has made it compulsory to ensure the security of endpoint devices, in an effort to avoid any loopholes that hackers can take advantage of.
Multi-factor authentication: Implementing MFA, or multi-factor authentication, is now an important requirement for maintaining compliance with the Cyber Essentials Scheme in 2022 and beyond. The reason is that MFA provides an extra layer of security on top of password protection and makes it very difficult for bad actors to hack a user’s account and infiltrate the corporate network.
Software updates: In an effort to reduce the security risk for businesses, the NCSC has made a security recommendation that requires IT administrators to install newly released high/critical risk software updates within 14 days of their release.
Account separation: Employees should use separate accounts for office work and avoid using those accounts for standard user activities, like browsing the web or checking social media, which might expose the corporate network to vulnerabilities. By maintaining separate accounts and practising online hygiene, they can greatly reduce the risk of cybersecurity incidents.