Cyber Essentials is Changing in 2020

Cyber Essentials is 5 years old and the National Cyber Security Centre (NCSC) has reviewed the scheme. They will be looking to improve it by appointing a new Cyber Essentials Partner in order to ensure that Cyber Essentials keeps pace with the changing nature of the cyber security threat and remains relevant.

The aim is to:

    • refresh the service
    • increase accessibility
    • provide a simpler path to certification

The current system is administered by several Accreditation Bodies and this has brought about a lack of consistency and added complication. To simplify it there will only be one. The new partner has not been appointed yet, but the new system is expected to be in place by April 2020.

Cyber Essentials is required by Government to be affordable and accessible and the new system will have to meet these requirements.

There are currently 5 Accreditation Bodies operating the scheme on behalf of the NCSC and each one appoints a number of Certification Bodies with the knowledge, training and experience to be able to review and assess Cyber Essentials applications. iTeam is a Certification Body through the IASME Accreditation Body.

As we do not know what the new system will look like, it is difficult to predict whether iTeam will continue to be a Certification Body with the new Accreditation Body, but whatever happens, Cyber Essentials will continue to exist. It is not necessary for iTeam to be a Certification Body for us to continue to provide our Total Secure Systems Management (TSSM) cyber security add-on to our support contracts and continue to get ourselves and our clients Cyber Essentials certified.

Other non-Certification Body MSPs use third parties to certify their clients. Services are being developed to certify in a different way; for instance, rather than having us complete your questionnaire once a year, it may be possible to run an application to constantly assess your compliance.

One good thing is that the refresh of the Cyber Essentials scheme will give it better visibility in the business community and encourage more organisations to adopt it which means we will all be safer.

David Hewett
Managing Director
iTeam Solutions Ltd

5 Tips to Secure Your Office

When thinking about securing your business from cyber threats, the mind quickly turns to phishing, hacks and viruses, but there are many security risks in and around the office that can expose your business to a host of threats and cybersecurity issues. In conjunction with a solid cybersecurity solution provided by your MSP, be sure you and your employees follow these office tips to protect your physical workspace from system compromises, unauthorised breaches and data loss.

1. Unlocked devices

Mobile phones, laptops, desktops, tablets and even printers/multi-function devices should all be locked and password protected when unattended, as these (and any other) network-connected devices can be compromised, allowing for unauthorised access into your system or unauthorised removal of data from it. Even though most devices lock/power down after idling for some period of time, create an office culture where locking devices becomes second nature for all employees. It’s not that you don’t trust your colleagues, it is just being safe.

2. USB Drives

USB drives pose a host of security issues and we don’t like them at iTeam. Unknown drives should never, ever be used, as they could easily contain hidden malware or spy software that could steal data or install ransomware on your network. However, those drives that you do use for normal business functions must be recorded and kept under lock and key so they are not compromised with malware, misplaced or stolen. USB drives make it far too easy for curious eyes or unauthorised users to get a peek into sensitive or confidential business information and are unfortunately left behind in public places (airports, coffee shops, etc.). Make sure any and all USB drives used in your business are cataloged and their whereabouts known at all times—or perhaps look to cloud solutions for sharing/transporting data and ban the use of them completely.

3. Paper Documents

What may be innocuous to your employees could be valuable to others who want to infiltrate your systems. At the end of the day, be sure that papers, reports, financial records and any other proprietary data are off the desks and locked away. When they are no longer needed, shred any documents with financial records, proprietary data or confidential information. And of course, to minimize the problem, go paper-free wherever possible.

4. Passwords

It’s a common occurrence, even in the face of many strict cybersecurity policies: many employees use notes or cheat sheets for the various usernames, logins and passwords they require for day-to-day work. Nothing could defeat the purpose of a password more easily than doing this, and it leaves the door wide open for anyone who accesses your office to gain entry into your network and systems. We recommend the use of a software-based password management system to prevent this risky behaviour. It may not be as quick to access those important passwords as writing them on a sticky note, but it is far more secure, so just get used to doing it.

5. Wallets and Keys

Just as easily-accessed passwords are a threat, wallets and keys that are left on desks during meetings, bathroom breaks, lunches, etc., can all leave your business exposed to unauthorized entry. Pay special attention to this if there are areas of your business under lock and key, or if ID/keycards are used, as these are typically kept in wallets. Lost keys and access IDs can quickly lead to tampered or duplicated methods of access, so if need be, offer lockers or secure places where employees can store their personal belongings while they work.

So as well as considering technical measures to guard against cyber threats, consider these security best practices. They are largely not about spending money but changing your workplace culture to become more aware of how physical security and cyber security can help protect your business.

I’m always happy to talk about how iTeam might be able to help you look after your data and systems more securely. Please get in touch if you think we can help.

David Hewett
Managing Director
iTeam Solutions Ltd