Technical Assistance with Cyber Essentials, Cyber Essentials Plus and ISO 27001

23rd December 2022

The Challenge:  

How do you keep your company’s “cyber hygiene” healthy?  

The UK Government’s Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2021 confirmed that awareness of Cyber Essentials among businesses stood at 14%, with only 4% of businesses recognising adherence to Cyber Essentials.

How can you independently verify that your company meets industry standards for cybersecurity and that your Information Security Management System (ISMS) is compliant?

How do you stand out as a company that focuses on cybersecurity compliance?

The Solution:  

Because of the risk of cyberattacks on UK companies, the United Kingdom Government put in place the Cyber Essentials scheme, which mitigates those risks when companies follow basic security measures.

You receive a certification showing you meet cybersecurity industry standards.

Cyber Essentials involves 5 key controls:

  • Use a firewall to secure your internet connection.
  • Use secure settings for your devices and software.
  • Control who has access to your data and services.
  • Protect yourself from viruses and other malware.
  • Keep your devices and software up to date.

Firewalls

All devices connect to the internet only through protective firewalls, including personal firewalls and dedicated boundary firewalls.

Secure settings

On delivery of new devices or software, security settings need to be tightened across the board, including password enforcement.

Control

Who has access?

To reduce the potential for cyber criminals to infiltrate your administrator accounts, accounts with administrative privileges should be used only for administrative tasks, and standard accounts should be used only for general work.

Malware protection

You can prevent infiltration by malware by using antivirus software, downloading tablet and mobile phone apps only from manufacturer-approved stores, and running apps and programs in a sandbox.

Updates

Your installed apps, software and operating systems should always be kept up to date through patching. Regularly released updates bring a mixture of new features and security fixes for any discovered vulnerabilities.

The United Kingdom Government’s Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2021 confirms that only 1% of organisations recognise adherence to Cyber Essentials Plus standards, with only 7% adhering to ISO 27001.

When you register for a Cyber Essentials Plus assessment, a highly trained assessor checks whether all the controls you self-declared in your Cyber Essentials certification have been implemented.

The Cyber Essentials Plus audit process involves the assessor:

  • selecting a sample of your devices and auditing whether they are configured in line with the criteria.
  • performing a vulnerability scan to check that all basic configurations and patching are acceptable.
  • conducting an external port scan of your internet-facing IP addresses for any misconfigurations and vulnerabilities.
  • testing your default email and internet browser configurations to see whether they can prevent cyber criminals executing fake malicious files.
  • providing 30 days for you to remedy any issues they identify.

ISO/IEC 27001 Information Security Management provides the requirements for your Information Security Management System (ISMS), helping your company manage the security of your employees’ data and any client information.

Under ISO/IEC 27001:2013, your Information Security Management System (ISMS) is integrated into your processes and management structure, with information security considered in the design of every process, information system and control, scaled to your needs.

The Outcome:  

You can independently demonstrate that you are compliant with cybersecurity industry standards.

Call Chalkline today on 020 3819 3300 or review our IT Security Packages for SMBs page and book a meeting with us. We can help with all elements of cyber hygiene and answer any questions you might have.