Cyber Essentials – Overcoming the threat

Technology has become an indispensable part of our lives. Whether it be smart phones, computers, or the wider internet as a whole, these tools have become so ingrained in our everyday activities that it’s almost impossible to imagine living without them. From online banking and shopping to social media and email, technology is helping us stay connected and perform better than ever before.

As technology continues to evolve and improve our lives, so too do the cyber security risks associated with it. Cyber criminals can tap into our networks and access sensitive information leading to devastating consequences. This is why it’s more important than ever to take steps that can prevent cyber criminals getting hold of our accounts, data and devices.

At Ecovis, we take our cyber security responsibilities very seriously. As a Cyber Essentials certified organisation, we ensure we implement the necessary measures to guard against cyber threats and protect our company against a whole range of cyber-attacks. By defending our internet-connected devices and services from malicious attacks by hackers, spammers, and cybercriminals, we can protect our firm against phishing schemes, ransomware attacks, identity theft, data breaches, and financial losses.

What is the Cyber Essentials certification?

Cyber Essentials is a government-backed, globally recognised scheme designed to help organisations guard against cyber-attack and demonstrate commitment to cyber security. The requirements are specified under five technical control themes which our IT infrastructure needs to meet.

1. Firewalls: To make sure that only secure and validated online traffic is flowing in out of our network.
2. Secure configuration: Ensure that computers and network devices are properly configured to:
   • reduce vulnerabilities using an antivirus software
   • provide only the services required to fulfil their role
3. Security update management: Ensure that devices and software are not vulnerable to known security issues for which fixes are available.
4. User access control: Ensure that user accounts:
   • are assigned to authorised individuals only
   • provide access to only those applications, computers and networks the user needs to carry out their role
5. Malware protection: To restrict execution of known malware and untrusted software, from causing damage or accessing data.

What do I do on any given day?

As our IT Manager, it is my role to identify potential threats and protect our valuable data. There are a few security related activities I carry out to safeguard our computer systems and networks, which include:

• Deploying Multi-Factor Authentication as an added layer of security
• Securing user Passwords via Password Complexity Policies
• Installing Regular Hardware and Software patches to keep infrastructure up to date
• Running antivirus software on all workstations and servers
• Using firewalls to prevent unwanted traffic from entering the company network
• Avoiding phishing scams using mail filtering services and educating users

A few best practices

We are all aware that cyber-attacks are continuing to grow, so it’s important that organisations and individuals protect themselves against most types of threats. Here are a few best practices we recommend you follow:

• Use a VPN to isolate your connection to work, especially when working on public wifi connections
• Disable Bluetooth connection when you are not using it to avoid unwanted connections.
• Before clicking on links, check the links to make sure you know what you are clicking on
• Double-check the HTTPS on websites
• Be cautious of phishing scams
• Do not be lethargic with your passwords – do not use the same password for multiple services!
• Use password manager
• Use strong passwords
• Scan external devices for viruses using an antivirus/security software
• Store sensitive information in a secure place using security permissions/managed access
• Use a security file-sharing solution to encrypt data
• Use Antivirus and Antimalware software on devices that store sensitive information
• Enable two-factor authentication
• Keep software up-to-date
• Backup your data

As the steady rise in cybercrime highlights the flaws in devices and services we’ve come to depend on, it’s more important than ever for us to defend all assets, from computers and smartphones to networks and databases, from attacks. If you would like to learn more about steps you can take to protect your business, please feel free to get in touch.