December 20th 2021
CHANGES TO THE CYBER ESSENTIALS SCHEME 2022
Over the past two years, businesses have had to adapt to new ways of working. From the move to home offices and hybrid models to the dramatic shift in digital transformation and the increased reliance on cloud services, companies must now consider their online security as a major priority.
As our reliance on devices and networks has increased, so too has criminal activity. Cyberthreats are now a daily concern, with their often catastrophic impact on global businesses of all kinds being reported in the mainstream news on a regular basis. In 2014, the UK government developed a range of products called Cyber Essentials to support companies in implementing digital safety measures.
Having originated from the UK Government’s National Cyber Security Strategy, the scheme has become vital for business recovery post-pandemic with a recent review resulting in several crucial updates coming into effect on 24 January 2022. Here’s a quick guide to the most recent changes.
Why Use the Cyber Essentials Scheme?
The Cyber Essentials scheme provides a set of standards that companies of all types can use to help protect themselves from the most frequent online threats including ransomware, which continues to be one of the biggest cyberthreats to businesses. To obtain the Cyber Essentials or the more advanced Cyber Essentials Plus certificate, companies need to complete an online self-assessment.
Once certification has been received, businesses can benefit from a variety of support including:
- Firewalls and Internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
At the end of December 2021, 80,000 certificates had been distributed to UK businesses since the launch of the scheme in 2014. With cybersecurity now a key concern, the number of companies applying for certificates looks set to rise, particularly following the recent scheme improvements.
What Changes Have Been Made?
A review of Cyber Essentials was conducted in June 2020 followed by consultation with industry experts. The changes are the largest update ever made to the scheme’s technical features, reflecting the importance of protecting systems, data, and users within UK businesses of all sizes and sectors.
Among the many specific changes to Cyber Essentials, the following are among the most crucial:
- Security updates identified as ‘high’ or ‘critical’ must be applied within 14 days.
- Unsupported software needs to be removed from systems immediately.
- Separate accounts should be used to perform administrative activities.
- Devices to be locked using biometrics, a minimum password, or 6-character pin.
- Complex password creation and multi-factor authentication to be used.
The full of list of the changes with further details are available on the IASME website, within scheme certificate documentation, and by contacting an IT professional (including our team at Lily Comms).
Complete Security for Your Company
With cyber safety now a business necessity, companies need to ensure their systems are protected. At Lily, our consultants are on hand to help with your security concerns, including how to obtain and renew your Cyber Essentials certificate. Get in touch with us today.