The Cyber Essentials Scheme has been developed by the UK Government to help businesses deal with the critical issue of cyber security. All organisations are potential targets for cyber criminals: cyber attackers use a range of sophisticated techniques to find known vulnerabilities in your software, hardware and applications, making your business and employees vulnerable to an attack.
Cyber Essentials provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security.
From 1 October 2014, government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme.
Cyber Essentials Compliance
Compliance to Cyber Essentials requires the completion of a questionnaire containing 47 controls. All of these controls need answering and many can be fulfilled by using the Sec-1 Ltd Cyber Essentials Installation and Configuration service in conjunction with a WatchGuard UTM Firewall Solution.
Boundary Firewalls and Internet Gateways
- Do you have firewalls at all boundaries and gateways to your network?
- Are your firewalls set to restrict inbound and outbound traffic to only authorised connections?
- Are firewalls set to a default deny-all policy?
- Are proxy servers used to provide controlled access to the Internet for relevant machines and users?
- Are Internet access (for both web and mail) log files retained?
- Are users authenticated using suitably strong passwords, as a minimum, before being granted access to applications and computers?
- Has anti-virus or malware protection software been configured to scan files automatically upon access (including when downloading and opening files, accessing files on removable storage media or a network folder) and scan web pages when accessed (via a web browser)?
- Are users prevented from executing programs from areas of the disk to which they have write access?
- Have all security patches for software running on computers and network devices that are connected to or capable of connecting to the Internet been installed within 14 days of release or automatically when they become available from vendors?
- Do you perform regular vulnerability scans of your external network to identify possible problems and ensure they are addressed?