
Cyber Essentials in 2024: Nine Things to Know for Every Organisation

Posted 20th August 2024

2024 has seen the tenth anniversary of the UK Government-backed Cyber Essentials certification scheme. It represents a recognised and trusted line of defence for businesses and organisations of all sizes against the constantly evolving and rapidly growing landscape of threats such as hacking, phishing and malware.

Doing Nothing Can Cost Everything

The effects that these attacks can have on a company can be devastating, with crippling losses of data, huge amounts of resources wasted, catastrophic impacts on brand reputation and businesses ceasing to exist. The Cyber Essentials program was introduced to enhance overall national cyber security through the establishment of a baseline that can reduce these risks, demonstrate a shared commitment to cyber security and help develop regulation and compliance.

It’s fair to say that we are all in a much more knowledgeable place than we were a decade ago for our understanding of cyber security. Our trust in digital services has risen alongside our reliance on them and there is growing awareness of exactly how responsible people need to be in providing the levels of protection we all require.

70% of Successful Cyber Attacks are due to Human Error

However, the number of breaches that result from human error is still a sobering statistic. At BCN, we have worked on the frontline of cyber security throughout the Cyber Essentials rollout with services tailored to making sure that every end user at our client partners is comfortable with their responsibility. The readiness assessments, reviews and support we provide are a vital step in this process to ensure that they comfortably secure the Cyber Essentials certification, every time.

Mistakes, Misunderstandings & Misconceptions

Our experience and continuing cyber security conversations with users of all levels still uncover lots of misinformation and assumptions about Cyber Essentials, though. The consequences of these misconceptions could be incredibly damaging, so we always like to arm people with the perfect answer, manage expectations properly and provide up-to-date information that will help. That’s why we wanted to present our pick of the bunch to debunk the most common misconceptions on Cyber Essentials.

Nine Things to Know

1. Understand The Scope

Making every software application used by your team compliant with Cyber Essentials is not required. There may well be some SaaS applications and sites that staff use to complete their role that aren’t managed by the business. If it isn’t your company that subscribes, manages user accounts or pays for it in any way, then it isn’t in scope for Cyber Essentials.

2. Control User Access Correctly

The failure to manage user access properly can cause huge problems. Limiting access to sensitive information and managing the permissions on it should never be overlooked. Authorise and monitor your data access at every level.

3. Up to Date Means Out of Trouble

One of the fundamental requirements of Cyber Essentials is making sure you are running the latest versions of software and systems at all times. A great rule of thumb is to employ a patch management process that updates within 14 days of a patch release. This will stop you from being vulnerable to new and emerging exploits.

4. Never Overlook Multi-Factor Authentication (MFA)

The advances made by bad actors in the cyber threat world mean that MFA is entirely essential for all cloud services. Without it, many of your critical services will be dangerously exposed. Implementing it on some platforms may be complicated, but help is always available and it is definitely worth the effort.

5. Lack of Awareness & Training

People protect. It really is that simple. Making your entire team understand the Cyber Essentials certification requirements and benefits is the greatest way to secure your company. Proper training and awareness have to be consistent and constant.

6. Configure Securely & Correctly

Getting the basics right can bolster security immediately. Cyber Essentials demands that systems are configured securely across the organisation. Changing default passwords and settings is a simple way to remove the easiest target for attackers and hackers.

7. Have You Got Faith in Your Firewalls?

Preventing unauthorised access to your IT infrastructure is the ultimate goal of cyber security and firewalls are a basic essential to achieve this. However, it is important that they are professionally and correctly used with the right configuration. All too often they are improperly configured for use. Waiting for tests in real-life situations will mean it’s already too late to block unwanted access.

8. Mobile Device & Technical Controls

There still seems to be confusion around Technical Controls when it comes to mobile devices. Mobile Device Management (MDM) & Mobile Application Management (MAM) allow you to ensure compliance is met centrally, enforcing policies, encrypting data where appropriate, tracking your whole inventory and rolling out updates from one source.

9. There’s Still a Long Way to Go

Although it may seem that Cyber Essentials is everywhere, the figures tell a different story. Recent reports show that a disappointingly small 12% of businesses are aware of the scheme, with only 141,000 of the UK’s estimated 1.4 million organisations with employees being Cyber Essentials certified.

BCN’s Cyber Security Pledge

It should be immediately clear to all business owners, stakeholders, users and partners how essential cyber security is. BCN understands that getting the most from your cyber security means a long-term and dedicated commitment to uncovering any vulnerability, building the strongest defences and mitigating any risks. That’s why we are working towards the ultimate aim of having 100% of our customers at the recommended level, or above, of security posture by the end of 2024.

BCN’s Cyber Security Pledge is the framework we work to as we achieve this, aiming to protect, support and empower all of our customers, giving them the very best tool kit to defend themselves, and their company, from the cyber threats that are continually present in a modern workplace.

Speak to us today to see how we can help you with Cyber Essentials accreditation
