1.  Use a firewall to secure your internet connection

One of the most essential ways of securing your business is by having a software firewall on all devices and a firewall on all access points. This creates a ‘buffer zone’ between your IT network and external networks.

We also recommend that any home workers use a private internet connection and have a firewall on the router.

The Cyber Essentials requirement:

You must configure and use a firewall to protect all your devices, particularly those that connect to public or other untrusted Wi-Fi networks.

2.  Choose the most secure settings for your devices and software

The default settings on new software and devices is usually set, by manufacturers, to be as open and accessible as possible. This makes them easily connectable and usable. Unfortunately, these settings also make it so much easier for cyber attackers to gain access and exploit your systems.

Our advice? We suggest that your settings are checked and changes are made to raise the level of security. For instance, some changes that need doing are removing any functions, accounts and services which are not required.

Passwords and two factor authentication should also be used on any and all devices which have access to business data (e.g emails).

The Cyber Essentials requirement:

Only necessary software, accounts and apps are used. If you would like more information on choosing passwords, search www.ncsc.gov.uk  for ‘password’.

3.  Control who has access to your data and services

User control is a huge part of many certifications and awards such as Cyber Essentials, IASME and ISO 27001. Check all privileges that your staff have and make sure that only the necessary users have permissions to be an ‘admin’ (i.e. have access to most things and be able to make changes).

Due to the nature of an ‘admin’ account being able to access everything and anything, the risk of them being compromised is much higher than a standard account, used for general day to day work.

The Cyber Essentials requirement:

Control access to your data through user accounts, that administration privileges are only given to those that need them, and that what an administrator can do with those accounts is controlled.

4.  Protect yourself from viruses and other malware

Malware and viruses are one of the biggest risks to your business and its data. By ensuring that all your systems have a comprehensive endpoint protection, you are minimising the threat to your business dramatically.

The Cyber Essentials requirement:

Implement at least one of the approaches listed above to defend against malware.

5.  Keep your devices and software up to date

Patch management is simply put, making sure all your feature and security patches are up to date. Manufacturers and developers release these updates regularly, to fix any vulnerabilities or feature developments and make sure they can’t be exploited.

All devices should be set to ‘automatically update’ wherever there is the option. We personally recommend that all critical patches, such as security updates, are automatically installed.

The Cyber Essentials requirement:

Keep all your devices, software and apps up to date.

Exclusive offer for Cyber Security month: reduced rate of Cyber Essentials

As a certification body for both the IASME Standard, Cyber Essentials and Cyber Essentials Plus, we can award you with any of the before mentioned certifications.

For this month only, we are discounting Cyber Essentials by £20.

If this is something you are interested in receiving, simply fill in the form below or call us on 0114 223 8000.