What are the 5 key controls of Cyber Essentials?

If you want to protect your organisation (or protect your reputation and get to work on bigger projects, e.g. with the government), the UK government-backed Cyber Essentials scheme is the perfect place to start.

This scheme gives you clear guidelines for the steps you need to take to protect your organisation from the majority of cyberattacks.

To do this, it includes five key “controls” that cover the main parts of organisational cybersecurity.

Whether you’re a new startup or an organisation keen to protect what you have and grow, implementing these controls is the way to begin that journey.

What is Cyber Essentials?

Cyber Essentials (and Cyber Essentials Plus) is a certification scheme that shows an organisation has taken the basic steps required to achieve a certain standard of cybersecurity protections. Organisations that want to display the standard are assessed every year.

The scheme takes advantage of the fact that, while numbers are growing, most cybercriminals aren’t highly motivated hacktivists seeking to make a point or state-sponsored agents. They’re people looking for the “low-hanging fruit” of poorly protected organisations to exploit for financial gain.

Cyber Essentials helps you make it clear that you are not that fruit.

What are the five controls?

1) Firewalls

The place to begin when it comes to securing your networks from outside influences, firewalls take some knowledge to set up correctly, including the right permissions and firewall rules.

2) Malware protection

Malware is one of the fastest-growing types of contemporary cybersecurity threats. This means having malware protection installed is vital in the modern age.

Tools that protect your organisation from viruses, spyware, ransomware, and more also need to be properly installed, regularly updated, and properly integrated with your other protections if you’re to meet the standards of the Cyber Essentials scheme.

3) Secure configuration

Poorly configured web servers and application servers are something else that can be exploited by cybercriminals to access your system.

Often overlooked by those without cybersecurity expertise, they need to be correctly configured if you want to prevent people who shouldn’t have access to your system from being able to get in.

4) User access control

This boils down to ensuring only the people who actually need to have access to your systems and the data they hold have it.

It might be simpler for your everyday operations if everyone is able to access all your systems. But the harm that a hacker can do with your administrator privileges means Cyber Essentials rightly considers restricting access to those who need it to be critical in protecting your organisation.

5) Patch management

That need for regular updates might be annoying. But when it comes to cybersecurity, making sure software is patched to the latest version is vital.

Cybercriminals are always working to exploit known vulnerabilities in popular software, and word of what they are spreads like wildfire. Keeping your software patched to the latest versions needs to be a planned and managed process.

Don’t let hackers in through an old version of a program you’ve forgotten about.

The extra final secret control – team training

Those are the five key controls included in the Cyber Essentials scheme. But there’s one control that is just as important as most of the others. That’s your team and the level of training they have.

Because modern cybercrime isn’t just the software-based “hacking” familiar to us from so many movies. Modern cybercriminals are often more likely to use social engineering techniques – strategies designed to exploit human error.

So the final cybersecurity control that Cyber Essentials only really touches on is proper staff training. It’s the final basic step to take if you want to protect and grow your business moving forwards.

Looking to update your business’s cybersecurity?

Let’s talk. Dial A Geek is a cybersecurity expert that has helped nearly 1000 businesses in and around Bristol with their tech.

Set up a cost and commitment-free consultation with Chief Geek Gildas Jones today to talk through what getting Cyber Essentials would mean for you.
