Don't be a Victim

Be Cyber Essentials Certified

Cyber Essentials Certification

Protect your organisation against cyber attack

Business operates in a new era of open connectivity that allows vital information to flow quickly and processes to be more efficient. Users work from home, branches synchronise with central servers that are often in the cloud, software exchanges information over the web using APIs, and virtually everyone has email on their smartphone … but with these benefits comes risk.

Every point of connection is a potential point of breach. Ransomware is a widespread problem that can stop an organisation in its tracks and potentially kill a small business, and targeted malware infection is a regular threat. So what can be done to stop, or at least limit, this risk?

The UK government and industry have worked together to produce a National Cyber Security Strategy that defines a new level of certification: Cyber Essentials Certification. The objective is ‘to make the UK a safer place to conduct business online’, to improve the defences of UK organisations, and to let them demonstrate publicly their commitment to cyber security. To that end, all organisations that bid for government contracts involving the handling of sensitive or personal information MUST be Cyber Essentials Certified.

What Does It Cost?

The Cyber Essentials Certificate is issued once you can confirm that your network security meets the required level and you have completed the questionnaire describing how this has been done. There is a standard charge of £300 from the certification body that processes your application and issues the certificate. AMAS IT charges a standard one-day fee of £750 plus VAT, which includes testing your network security and taking any remedial steps required to bring it up to standard. Once your network meets the required standard we complete the documentation and have the certificate issued.

What does Cyber Essentials Certification actually do?

It is a series of checks that confirm your network is protected against common external attacks. Once these checks are passed and your network security is documented, you become Cyber Essentials Certified and have the right to use the official logo on your website and documentation.

The areas that are tested for compliance are divided into five categories:

Firewalls

A firewall creates a security buffer between your IT network and external networks. Within this buffer zone, incoming traffic is analysed and harmful or unapproved traffic is blocked or rejected.

A firewall strategy will often combine software (host-based) firewalls that protect individual devices with hardware firewalls that filter traffic at the network boundary.

Secure Configuration

The default configurations of new software and devices tend to be ‘open’. This helps with the initial setup but can leave some unfortunate gaps in your security.

Devices and software need to be checked; unnecessary functions and user accounts disabled and default passwords changed.

Passwords should be complex and, where web applications contain confidential information, you should use two-factor authentication (2FA), which typically involves a code sent to your phone to allow login.

User Access Control

To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them.

Accounts with administrative privileges should only be used to perform administrative tasks.

Standard accounts should be used for general work. By ensuring that your staff don’t browse the web or check emails from an account with administrative privileges you cut down on the chance that an admin account will be compromised.

Malware Protection

An up-to-date anti-virus system with wide-scope malware protection is vital. This will stop most commodity attacks, which typically arrive via an email attachment, a malicious website, a USB stick or storage drive attached to your laptop, or even a phone connected to your network to use the internet.

Many AV solutions include ‘sandboxing’ that allows you to run suspicious applications within an isolated environment, protecting your wider network.

Patch Management

No matter which phones, tablets, laptops or computers your organisation is using, it is important they are kept up to date at all times. This is true for both operating systems and installed apps or software.

Manufacturers and developers release regular updates (patches) which not only add new features, but also fix any security vulnerabilities that have been discovered.

Applying these updates (a process known as patching) is one of the most important things you can do to improve security. Operating systems, programs, phones and apps should all be set to ‘automatically update’ where possible, so that the latest protection is applied as soon as the update is released.

However, all IT has a limited lifespan. When the manufacturer no longer supports your hardware or software and new updates cease to appear, you should plan a modern replacement. This is particularly true at the moment as we approach the end of life of the still widely used Windows 7 operating system (end of support on 14 January 2020).
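The five controls above are stated as outcomes. As an added example (not AMAS IT's testing and not an official NCSC tool), here is a small POSIX shell audit script that checks a Linux host against several of them: empty-password accounts (secure configuration), UID 0 accounts and sudo/wheel membership (user access control), the inbound firewall default policy (firewalls) and whether unattended upgrades are switched on (patch management). It assumes the standard /etc/passwd, /etc/shadow and /etc/group formats, an nftables firewall, and the Debian/Ubuntu apt auto-upgrade file; those paths and all function names are my own choices. Each check takes the file to inspect as an argument, so the functions also run over copies or constructed sample files.

```shell
#!/bin/sh
# Added example: read-only checks a Linux administrator can run against several of
# the Cyber Essentials controls. This is not AMAS IT's testing nor an official NCSC
# tool. Assumptions (mine, not the page's): standard /etc/passwd, /etc/shadow and
# /etc/group formats, an nftables firewall, and the Debian/Ubuntu apt auto-upgrade
# file. Every check takes the file to inspect as its argument, so the functions also
# run over copies or constructed sample files.

# Secure configuration: an empty second field in /etc/shadow means the account can
# log in with no password at all (a locked account shows "!" or "*" instead).
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# User access control: any account with UID 0 is an administrative account.
# On a tidy host the only result is root.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# User access control: members of the sudo and wheel groups, one per line. These
# are the people who should use a separate standard account for web and email.
admin_group_members() {
    awk -F: '$1 == "sudo" || $1 == "wheel" { print $4 }' "$1" | tr ',' '\n' | sed '/^$/d'
}

# Firewall: the inbound chain should default to drop. Reads the output of
# `nft list ruleset` from a file and prints drop, accept, unstated or missing.
inbound_default_policy() {
    awk '
        /type filter hook input/ {
            found = 1
            if ($0 ~ /policy drop/)        print "drop"
            else if ($0 ~ /policy accept/) print "accept"
            else                           print "unstated"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Patch management: exit 0 when unattended upgrades are switched on in an apt
# periodic configuration file such as /etc/apt/apt.conf.d/20auto-upgrades.
apt_auto_updates_enabled() {
    grep -Eq '^APT::Periodic::Unattended-Upgrade[[:space:]]+"1";' "$1"
}

# Audit the live host (run as root so /etc/shadow is readable): sh ce_audit.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "Accounts with an empty password:"; empty_password_accounts /etc/shadow
    echo "Accounts with UID 0:";            uid0_accounts /etc/passwd
    echo "Members of sudo/wheel:";          admin_group_members /etc/group
    rules=$(mktemp)
    nft list ruleset > "$rules" 2>/dev/null || true
    echo "Inbound firewall default policy: $(inbound_default_policy "$rules")"
    rm -f "$rules"
    if apt_auto_updates_enabled /etc/apt/apt.conf.d/20auto-upgrades 2>/dev/null; then
        echo "Automatic security updates: enabled"
    else
        echo "Automatic security updates: NOT enabled"
    fi
fi
```

Anything the script lists under empty passwords or extra UID 0 accounts is a finding to fix before the questionnaire is submitted; a firewall policy of accept or missing means inbound traffic is not being denied by default. The script reports, it does not remediate, so the remedial steps remain a deliberate decision by the administrator.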


CYBERUK Glasgow 2019

CYBERUK was in Glasgow for 2019, giving the cyber security community a chance to meet, discuss business needs, review the changing threat landscape and clarify responsibilities … and of course a chance to catch up with old friends and enjoy an overpriced beer!

World-Class Cyber Security

CYBERUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors. You will be briefed on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.