We want to ensure that we are protecting our company through preventing cyber-attacks. We are proud to have renewed our Cyber Essentials and Cyber Essentials Plus certification, (a government backed scheme) and continuing, as a company to put measures in place that further heighten our security.
To pass the certification we had to meet five main technical control themes. These included:
- Firewall Controls
- Secure configuration for devices and software
- User access control to data and systems
- Virus & Malware protection
- Hardware and Software update management
The Cyber Security Breaches Survey 2022, found in 2021, 39% of business have identified a cyber-attack. Whilst this percentage is still high, since 2017 this figure has decreased by 7%, showing that through cyber security, we can identify and act against cyber-attacks
At the start of 2022, the Cyber Essentials scope was extended to further protect businesses. Some of these changes include:
- All Cloud-based services now must be included and tested
- More stringent Passwords and two-factor authentication rules
- Unsupported software must be on quarantined machines
- Updated rules around Routers and Firewall settings.
In addition to remain secure, we also follow the most up to date Government, National Cyber Security Centre (NCSC) guidelines.
With the ongoing security threats the NCSC have been launching “Cyber Aware” campaigns across the country to remind individuals and companies, that no matter the size, it is crucial to protect themselves.
The “Cyber Aware” campaign, amongst others, promotes two main actions:
- Strengthening passwords by using 3 random words (3RW)
- Enabling 2-step verification (2SV), also known as multi-factor authentication.
This month we are putting these two measures fully into place and are promoting the campaign internally, encouraging our employees to extend this security beyond the business into their private lives. This will not only go one step further in protecting employee’s sensitive data, but it will also mean that every individual acts as a firewall to protect our business against potential cyber-attacks.
As part of our policies, all employees undergo continuous training on cyber security and as part of this, and all will be fully trained on how to set up and use 2 step verification methods as well as advice on how strengthen passwords.
