What’s changing this year with Cyber Essentials?

Launched almost a decade ago, Cyber Essentials is a government-backed set of IT security standards, designed to help organisations minimise the risk of cyber attacks.

Cyber Essentials also helps businesses demonstrate to interested parties (such as their customers) that they are operating within certain standards.

In order to keep abreast of ever-evolving cyber threats, Cyber Essentials requirements are regularly reviewed. Last month the National Cyber Security Centre (NCSC) published an updated set of requirements which will come into force on 24 April 2023.

The changes include:

  • All cloud-based user accounts to be protected by multi-factor authentication (MFA). There was previously a grace period for this point – that is now removed.
  • No software to be in place which is not supported and protected by the manufacturer (e.g. old versions which no longer receive security patches).
  • All terminals used in Remote Desktop environments need to be receiving security updates.
  • Malware protection must be active on all devices. The software must be kept up to date in accordance with the vendors’ instructions, and appropriately configured.
  • Asset Management. Although not a compulsory requirement, asset management should be considered as a core security function that supports various business operations, and one that helps in tracking and controlling devices as they are introduced into the business.
  • The enhanced level of Cyber Essentials – Cyber Essentials Plus – includes external testing of systems. The testing methodologies are changing, most notably with a refreshed set of malware protection tests.

To find out more about Cyber Essentials, including the forthcoming changes, see the information published by the NCSC, call us, or send us your contact details.