We're now Cyber Essentials certified!
Cybercrime is one of the hottest topics of 2017. With major cyber attacks hitting organisations as large as the NHS, it's important for businesses to protect themselves as best they can. As an accredited supplier under the G-Cloud framework, Silver Lining faces particular pressure to maintain airtight cyber-security. Today, we're pleased to announce that we are now Cyber Essentials certified, meaning we have achieved the five recommended controls for optimal security both within our business and by extension within the services we provide to our customers.
The five Cyber Essentials controls
It's important to note that Cyber Essentials is not the be-all and end-all for cyber security. Guarding against any and all internet incursions is nigh impossible, with the most severe attacks utilising social engineering and stealthy deployment techniques to bypass even the smartest software-based countermeasures. The Cyber Essentials framework does however set out five controls which, when properly implemented, should safeguard a business against the majority of low to mid-level threats found online. The framework also implements best practices for mitigating the risk and effect of the aforementioned severe cyber attacks. The five controls are outlined below; this information is freely available and recommended reading for businesses of all sizes, so it should be of interest to any company wishing to achieve a solid foundation of cyber security.
Boundary firewalls and internet gateways
This control is about securing our internal network against unauthorised access from the internet. Through implementation of secure firewalls, configured to only allow through trusted traffic and to block known vulnerable protocols, attacks based on exploiting weaknesses in a network from the outside can be prevented. Firewall configuration starts with setting a strong administrator password, and extends to creating numerous “firewall rules” to maintain precise control over incoming and outgoing connections.
Secure configuration
This control covers the process known as “system hardening”. Out of the box, computers are typically configured to be easily set up and networked, or “plug and play”. Unfortunately this setup is often riddled with inherent vulnerabilities: redundant user accounts, unnecessary permissions for users and programs, enabled network protocols that pose a security risk, and many other issues. System hardening simply involves removing and disabling these features to reduce risk wherever possible.
User access control
This control boils down to the “principle of least privilege” - that a user or program on a network should only have the permissions required to carry out its appointed task, and nothing more. User permissions should be configured on a fine-grained level across the company network, all user accounts should be secure and credentials shouldn’t be shared, and accounts with administrative privileges should be kept on strict lockdown. This greatly reduces the risk of “rogue agents” exploiting their elevated privileges, and also mitigates the threat posed by compromised systems.
Malware protection
This control is software-based. Malicious software makes its way onto computers in all manner of ways: through compromised websites, infected files online or on removable storage, and deceptive email links or attachments. Having robust and regularly updated protective software to eliminate these threats is the key to achieving this control. Anti-malware applications should be kept up-to-date, configured to automatically scan files on access and regularly scan the entire file system, and should also block access to known malicious websites. These applications should safeguard any and all devices connected to the Internet.
Patch management
No software is perfect; the bigger and more regularly altered a piece of software is, the more likely that vulnerabilities and exploits will be discovered. Developers of applications keep an eye out for these issues and release security patches to fix them. It’s important, therefore, that all programs across the network are kept up-to-date with the latest security patches. In the event that a piece of software is no longer being supported by its developers, it should ideally be removed from the network and a suitable replacement found, because any vulnerability found in it is unlikely ever to be resolved.
With these five controls under our belt, we’ve established a solid foundation for cyber security. We’ve already implemented these controls within our business, and our aim is to ensure that our customers achieve the same degree of network security and stability. We’re now working towards the advanced Cyber Essentials Plus accreditation, so watch this space for further news on that.