The National Cyber Security Centre (NCSC) recently announced changes to Cyber Essentials, a UK Government scheme designed to protect organisations from online security threats. The changes – which came into effect in January 2022 – represent the most significant updates to Cyber Essentials since 2014.
Guidance Around Remote Working
Remote working was relatively uncommon when Cyber Essentials was launched. Today, however, it’s fast becoming the norm. As a result, the NCSC has updated its guidance surrounding home working, emphasising the importance of firewall controls to protect users from malware and other security threats.
Cloud Services
The NCSC has implemented a shared responsibility framework for cloud services in response to the significant uptick in cloud users. The guidelines offer five technical controls for the most common cloud service types while emphasising that it is the responsibility of applicants to ensure their cloud services are implemented correctly.
Authentication methods
In response to the rise and importance of multi-factor authentication (MFA), the NCSC has updated its guidance on selecting the right kind of security measures for employee IT accounts. The rules make clear the need to select MFA methods that employees can access and understand. There is also an updated password security section that offers advice about choosing strong passwords and how to use a password manager.
The guidance states that MFA should always be used for accessing cloud services and passwords must now be at least 8 characters long. Currently, there are no restrictions surrounding maximum password length.
Backing up data
Currently, there are no technical requirements to back up user data. However, with these changes to Cyber Essentials, the NCSC has offered guidance on protecting sensitive data and implementing effective backup solutions.
Thin clients
From January 2023, thin clients must receive regular security updates. Thin clients are essentially ‘dumb terminals’ that provide employees with access to a remote desktop. They don’t hold significant amounts of data but can connect to the internet – which means they must be protected.
Do I need Cyber Essentials certification?
With Cyber Essentials, you can reassure customers that you’re working hard to protect their data. You can also gain a strong idea of your organisation’s security strengths and vulnerabilities.
Akita is an experienced Cyber Essentials assessor. Find out more about our services: