Six Top Tips to Retain Your Cyber Essentials Plus Certification

*Following the end of support for some Microsoft software today, Windows 7 (all versions) and Windows 10 (some versions) are now unsupported and result in automatic Cyber Essentials failure.

Fortnightly Patching

It is imperative to ensure that all critical and high-rated security patches are installed within 14 days of release. This is a key part of the certification and also key to maintaining a high level of security throughout an organisation, because the vulnerability being patched may already be up to 3 months old by the time the patch is released.

Remove Unsupported Software Immediately

Unsupported software is an automatic failure for both CE and CE+. When a manufacturer moves on to a new software version or otherwise ceases support for an existing package, the old package no longer receives any security patches, so any new vulnerabilities discovered in it will never be fixed. For example, Microsoft announced several years ago that support for Windows 7 would cease on 14th January 2020. Therefore, any instance of Windows 7 still running after this date and accessible from the internet will be vulnerable to new threats.
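The two controls above (no unsupported software, and critical/high patches applied within 14 days) are the ones most easily checked from an inventory export. The script below is an added example, not code from the original post or from Creative Networks: it runs both checks over a constructed inventory and patch list. Host names, patch identifiers and dates are constructed sample data; the only real value is the Windows 7 end-of-support date quoted in the post.

```python
"""Added example (not from the original post): a small assessment-style check
for two Cyber Essentials controls, run over a constructed inventory export.

  1. any software past its vendor end-of-support date is an automatic failure;
  2. critical/high security patches must be installed within 14 days of release.

Host names, patch identifiers and dates below are constructed sample data; the
Windows 7 end-of-support date (14 January 2020) is the one quoted in the post.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

PATCH_WINDOW = timedelta(days=14)           # CE requirement: 14 days from release
IN_SCOPE_SEVERITIES = {"critical", "high"}  # ratings the 14-day rule applies to


@dataclass
class Software:
    host: str
    name: str
    version: str
    support_ends: Optional[date]  # None = vendor has not announced an end date


@dataclass
class Patch:
    host: str
    patch_id: str              # vendor identifier (e.g. a KB number); placeholders here
    severity: str              # vendor rating: critical / high / moderate / low
    released: date
    installed: Optional[date]  # None = not yet installed


def unsupported_software(inventory: List[Software], today: date) -> List[Software]:
    """Software whose support has ended on or before the assessment date."""
    return [s for s in inventory
            if s.support_ends is not None and s.support_ends <= today]


def overdue_patches(patches: List[Patch], today: date) -> List[Patch]:
    """Critical/high patches not installed and whose 14-day deadline has passed."""
    return [p for p in patches
            if p.severity.lower() in IN_SCOPE_SEVERITIES
            and p.installed is None
            and today > p.released + PATCH_WINDOW]


def late_patches(patches: List[Patch]) -> List[Patch]:
    """Critical/high patches that were installed, but only after the deadline."""
    return [p for p in patches
            if p.severity.lower() in IN_SCOPE_SEVERITIES
            and p.installed is not None
            and p.installed > p.released + PATCH_WINDOW]


def assess(inventory: List[Software], patches: List[Patch], today: date) -> Dict[str, object]:
    """Combine the checks; 'passes' is False if either control is currently failed."""
    unsupported = unsupported_software(inventory, today)
    overdue = overdue_patches(patches, today)
    late = late_patches(patches)
    return {
        "unsupported": unsupported,
        "overdue": overdue,
        "late": late,  # informational: past violations worth reviewing with the process owner
        "passes": not unsupported and not overdue,
    }


# --- constructed sample data ------------------------------------------------
TODAY = date(2020, 1, 20)  # assessment date, chosen to fall after the Windows 7 EOL

INVENTORY = [
    Software("PC-01", "Windows 7", "SP1", date(2020, 1, 14)),    # date quoted in the post
    Software("PC-02", "Windows 10", "1909", None),
    Software("SRV-01", "Example App", "2.3", date(2021, 6, 30)),
]

PATCHES = [
    Patch("PC-02", "PATCH-A", "Critical", date(2019, 12, 20), None),             # 31 days old, missing
    Patch("PC-02", "PATCH-B", "Critical", date(2020, 1, 10), None),              # 10 days old, still in window
    Patch("SRV-01", "PATCH-C", "High", date(2019, 12, 1), date(2019, 12, 28)),   # applied 27 days after release
    Patch("SRV-01", "PATCH-D", "Low", date(2019, 10, 1), None),                  # outside the 14-day rule
]


if __name__ == "__main__":
    result = assess(INVENTORY, PATCHES, TODAY)
    for s in result["unsupported"]:
        print(f"FAIL unsupported software: {s.host} {s.name} {s.version} (support ended {s.support_ends})")
    for p in result["overdue"]:
        print(f"FAIL overdue patch: {p.host} {p.patch_id} released {p.released}, not installed")
    for p in result["late"]:
        print(f"WARN late patch: {p.host} {p.patch_id} installed {(p.installed - p.released).days} days after release")
    print("RESULT:", "PASS" if result["passes"] else "FAIL")
```

In practice the inventory and patch lists would be produced from your RMM or patch-management tooling rather than typed in; the `late` list is kept separate from the `overdue` list because a patch applied after the deadline no longer fails the technical check but does show that the patching process missed its window.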

Ensure All Hardware is Supported

Similar to unsupported software, unsupported hardware is an automatic failure for certification and a high security risk.

Beware Cheap Imitations and Used Equipment

Genuine hardware, such as Cisco equipment, can be expensive. If you are offered equipment at a significantly lower cost, it could be either counterfeit or an old, already out-of-support version. Either would invalidate certification and leave the organisation vulnerable to attack and potentially to high fines from the ICO should a breach occur. Do not gamble with your network investment.

User Permissions

Ensure that new users are given only the permissions appropriate to their role, and that all permissions for leavers are revoked immediately.

Passwords

The minimum password length for CE+ is eight characters, including PINs and passwords for computers and mobile devices. A secure password is vital for basic security; at a minimum, a mixture of upper- and lowercase letters, numbers, and symbols should be used.

A passphrase is more resistant to brute-force techniques. It should consist of at least three seemingly random words that have meaning only to the user. One approach is to think of something memorable, such as “When I was 9 in 1985 I was hit by a car and broke my leg”. Turned into a passphrase, this could become 1985CarBrokeLeg! or #9CarLeg, either of which would meet the minimum for most password criteria.
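To make the password rules above checkable rather than a matter of judgement, here is an added example validator (not code from the original post or from Creative Networks) that applies the eight-character minimum and the four-class mix described above. Treating "symbol" as any character that is not a letter or digit is my assumption; the two passphrase forms from the post are used as test inputs alongside two constructed weak candidates.

```python
"""Added example (not from the original post): a validator for the password
rules the post describes, namely a minimum length of eight characters and a
mix of upper-case letters, lower-case letters, digits and symbols. Encoding
"symbol" as any non-alphanumeric character is an assumption."""
import re
from typing import List

MIN_LENGTH = 8
CHARACTER_CLASSES = {
    "uppercase letter": re.compile(r"[A-Z]"),
    "lowercase letter": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def check_password(candidate: str) -> List[str]:
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, pattern in CHARACTER_CLASSES.items()
               if not pattern.search(candidate)]
    if missing:
        failures.append("missing: " + ", ".join(missing))
    return failures


if __name__ == "__main__":
    # the two passphrase forms from the post, plus two weak candidates (constructed)
    for sample in ("1985CarBrokeLeg!", "#9CarLeg", "password", "Ab1!"):
        verdict = check_password(sample)
        print(f"{sample!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Returning the list of broken rules rather than a bare pass/fail lets a helpdesk or self-service portal tell the user exactly what to change, which in turn makes the three-random-words approach easier to adopt.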

Any breach of the above could lead to certification being revoked and cyber insurance being voided. In the case of a data breach or an inspection by the ICO, it could also lead to high fines and, perhaps worst of all, public reputational damage to your organisation.

Learn More about Creative Networks

Reach out to Creative Networks today and embark on your journey to operational excellence and market leadership. Let’s make your business future-ready, together.

Take the first step towards a revolutionised approach by subscribing to our newsletter. Dive deep into a world of exclusive insights, timely updates, and expert advice that can reshape how you navigate the business landscape.

Schedule an appointment with our experts dedicated to understanding your unique needs.