If you didn’t know this already, the National Cyber Security Centre and its Cyber Essentials delivery partner IASME will be making changes to the requirements associated with Cyber Essentials this April. The reasoning behind these updates is to help guarantee that UK businesses are able to continue to protect themselves against cyber threats.
So, for those of you that don’t know what Cyber Essentials is?
You will find that an information security standard, the Cyber Essential scheme provides both affordable and effective levels of assurance for businesses big or small and is split into two categories: Cyber Essentials and Cyber Essentials PLUS. Furthermore, you will find that this scheme consists of 5 controls that when implemented will enable businesses to protect themselves from cyber-attacks. Also, by having the cyber security certification in place will allow your business to reduce the risk of a cyber-attack by 80%.
So, what is coming to Cyber Essentials in the latest update in April 2023?
You will be pleased to know that the latest update will be much more relaxed than the previous years with more clarification provided along with some additional guidance.
Clarification on firmware – You will find that firmware is currently part of the definition of ‘software’ and therefore will need to be kept up to date and up to scratch. Given the fact that it has been reported that this information has being too difficult to find, you will notice that this has now been changed to include just router and firewall firmware.
Unlocking devices – You will notice that a change has been made to avoid issues associated with the default settings in devices being unconfigurable. When this comes to the fold, it will now be acceptable for applicants to use those default settings.
Third party devices – You will notice that there is now more information and an extra table to confirm how third-party devices should be treated in your application.
User devices – Apart from network devices, all user devices declared within the scope of the certification will only need to list both the make and operating system only. You will no longer have to enter the model of the device. You will notice that this change has been made in the self-assessment questions set not the requirements document.
When do the above changes come into operation?
The above changes will come into operation from April 24th 2023. Therefore, if you start your applications after this date, you will be using the new set of questions and requirements.
The team at Advantage strongly advise that businesses should seriously consider getting Cyber Security Certified if your business runs an IT infrastructure, your business handles vast quantities of customer data or if you want to safeguard your business from the most serious of cyber-attacks. As Advantage is a Cyber Essentials certified partner, we will be able to provide you with the support and certification services that are included for both Cyber Essentials and Cyber Essentials PLUS.
You will find that cyber threats should be seen like any other business risk. The proactive approach here is to take suitable steps to both remove, mitigate or accept the risk. Therefore, by choosing to implement the five key controls as part of the Cyber Essentials certification you can help to reduce some of the risks that your business faces.
As well as this, you should also consider looking into some of our Cyber Security options as well as reviewing some of our tailored security packages. To discuss this or the above please give our team of Cyber Security experts a call now.
Want to get more cyber security related news delivered straight to your inbox? You can if you have signed up to our mailing list.