In partnership with IASME, Cyber Essentials represents the UK Government’s minimum baseline standard for cyber security for organisations of all sizes in the UK. With a Cyber Essentials certification, your charity demonstrates that it’s actively protecting itself and the data it holds by implementing the most important cyber security controls.
Most cyber criminals are opportunists looking to take advantage of easy and vulnerable targets. Like neighbourhood burglars, they identify targets by looking for easily exploitable weaknesses within your charity’s security systems and networks. They understand one fact; most organisations hold valuable data worth stealing, including those held by your charity.
Being Cyber Essentials certified will help address these. By employing the five controls within the scheme, you’ll be able to address vulnerabilities and weaknesses within your network before criminal hackers can exploit them.
What are these five controls?
1. Security update management
Most devices and software are susceptible to technical vulnerabilities. Once these vulnerabilities are publicly available, threat actors can rapidly exploit them and leave companies vulnerable. It’s important you regularly patch or update your software and applications. These will remedy the most likely targets and well-known vulnerabilities.
2. Firewalls
Firewalls stop unauthorised access to and from private networks, protecting your charity from external threats. Boundary firewalls and Internet gateways allow you to limit access to your network and control user-access to online endpoints.
3. Secure configuration
Web and application server configurations are critical for your charity’s cyber security. Failure to manage the proper configuration of your servers can lead to a wide variety of security problems.
Also ensure all your software is both supported and licensed; if it isn’t, upgrade or remove it.
4. User access control
Access control restricts access to your data and systems.
By keeping access minimal, you minimise the risk of information misuse and privilege creep in the network of users. This ensures that if an attacker should gain access to a legitimate user’s account, they can access as few resources as possible.
5. Malware protection
Malware can cause problems including stealing sensitive data, corrupting files, and/or blocking access. Protecting against a broad range of malware can save your organisation a huge amount of money and protect your reputation with donors and your service users.
As an IASME-partnered Cyber Essentials certification body, MASS can help you attain Cyber Essentials certification at a discounted price this October. Email – cyber-essentials@mass.co.uk to book an assessment with one of our experts.
