It’s no secret that our favourite cyber security starting point is the UK Government backed Cyber Essentials scheme. It’s been around for a few years now and by guiding businesses through the implementation of just five key technical controls, it helps guard against the most common, casual cyber attacks and gives you & your clients confidence in the fundamental security of your IT Systems.
It’s also a great way of setting yourself above the competition when it comes to tender evaluations!
Keen readers of our updates might remember that there was an update of the technical controls within Cyber Essentials last year – driven in part by the changes to how we all used IT during the Covid Pandemic. The shift to remote & hybrid working brought many challenges to UK businesses and exposed them to increased risks from insecure home computers & domestic broadband.
Now there’s lots of things that we can do to help you when it comes to rolling out the most cyber secure way to work remotely. VPNs, email security, anti-malware software and of course certifications so you can demonstrate to your clients that you can – and do – keep their data secure.
Well, our friends at NCSC who run Cyber Essentials have just announced what’s on the way for 2023.
Firstly, there’s an extended grace period for making changes to meet last year’s upgraded specification. Some of these changes are difficult for some organisations to implement so anyone struggling with thin client support, Multi-Factor Authentication (MFA) on Cloud Services or unsupported software now has an extra three months to make these changes and become compliant.
If you’re struggling, book a call with one of our consultants for a free session and we’ll give you some pointers.
What’s happening to Cyber Essentials in 2023 then?
It’s called a light touch update but the sort of changes we’re expecting revolve around:
- Firmware. Currently all firmware counts and has to be updated & supported. This can be difficult with some vendors so is changing to just routers & firewalls.
- Got any third-party devices? There’s going to be clarification about how devices belonging to students, visitors & contractors should be treated.
- Unlocking. Where default settings in a device simply can’t be configured, this will now become acceptable to meet the Cyber Essentials Standard.
- Malware Protection will no longer need to be signature based. Anyone use sandboxing? Be disappointed – it’s being removed.
- There’s going to be new guidance on Zero Trust Architecture and asset management.
We’ll bring you the full lowdown once it’s officially released in the New Year.
Remember – whatever your Cyber Security day-to-day needs, we’re here with a range of programs, support options and certification guidance to help you & your organisation become cyber secure!
Book a Call with a Cyber Essentials Assessor
Check out Rory’s availability using the calendar below. A zoom link will be sent to you once you have confirmed your appointment. We look forward to meeting you!