Recent Updates to the Cyber Essentials Scheme (and What They Mean For Your Business) | Amazing Support

The recent changes to the Cyber Essentials Scheme encourage UK businesses to further strengthen their cybersecurity and protect their best interests.

These days it’s not just businesses and their employees that are spending more time online, but cybercriminals too. This is why it is now more important than ever for companies to invest in strengthening their cybersecurity.

Introduced by the UK Government in 2014, the Cyber Essentials Scheme is one of the most important references for businesses that want to keep their operations safeguarded from cybercriminals. This year, some of the important technical control requirements of this scheme have seen a change, and it’s something that businesses of all sizes should be aware of.

In this article, we will share these changes in detail and highlight the steps you would need to take in order to maintain your compliance. But first, let’s have a look at what the Cyber Essentials Scheme is, why it has been updated in 2022, and why you should be concerned about the recent changes.

What is the Cyber Essentials Scheme?

The Cyber Essentials Scheme is a certification scheme that was introduced in 2014 by the UK Government, in order to support businesses in improving their cyber security and help make the UK one of the safest countries to do business. It is managed by the NCSC (National Cyber Security Centre) and guides UK businesses on how they can safeguard their IT operations.

The scheme highlights 5 technical controls in order to achieve this goal:

  1. Access control
  2. Secure configuration
  3. Patch management
  4. Malware protection
  5. Internet gateways and boundary firewalls

 

Why is the Cyber Essentials Scheme being updated in 2022?

The world of cybersecurity has changed a lot since 2014, when the Cyber Essentials Scheme was first introduced in the UK. Use of cloud services and the work-from-home culture have become the norm. In order to ensure that the scheme is fully in line with the evolution of business operations, the NCSC has decided to introduce a few important changes to the scheme.

Why should business owners be concerned about these changes?

The recent changes to the Cyber Essentials Scheme are of high importance to all organisations in the UK, regardless of whether they are already Cyber Essentials certified or planning to get the certification in the near future. It’s also crucial to take note of these recent changes if you are planning a merger or acquisition, performing supply chain diligence or simply looking for reliable business partners. Needless to say, all organisations in the UK with sizable operations should ideally renew their Cyber Essentials and Cyber Essentials Plus certifications every year and also be aware of the new controls in order to ensure the certification doesn’t expire.

What changes have been made to the Cyber Essentials Scheme in 2022?

In the recent changes made to the Cyber Essentials Scheme, various elements of a corporate network and its cybersecurity have been brought within scope. These include:

Home working devices

All the home based devices used by the employees for office work, whether they are smartphones, tablets or laptops, will now come under the scope of the security recommendations shared in the Cyber Essentials Scheme. As a result, both the employers and employees will need to ensure that the firewall settings on their home working devices comply fully with the guidelines shared in the Cyber Essentials Scheme, if they’re serious about maintaining their compliance.

 

Endpoint devices

It was a common practice for organisations to certify only their server systems and ignore the need for including end user devices in their security assessment exercise. The recent change has made it compulsory to ensure the security of endpoint devices, in an effort to avoid any loopholes that hackers can take advantage of.

 

Multi-factor authentication

Implementing MFA, or multi-factor authentication, is now an important requirement for maintaining compliance with the Cyber Essentials Scheme in 2022 and beyond. The reason is that MFA provides an extra layer of security on top of password protection and makes it very difficult for bad actors to hack a user’s account and infiltrate the corporate network.

Software updates

In an effort to reduce the security risk for businesses, the NCSC has made a security recommendation that requires IT administrators to install newly released high/critical risk software updates within 14 days of their release. In addition to this, they are also responsible for ensuring that:

Account separation

Employees should use separate accounts for office work and avoid using those accounts for standard user activities, like browsing the web or checking social media, which might expose the corporate network to vulnerabilities. By maintaining separate accounts and practising online hygiene, they can greatly reduce the risk of cybersecurity incidents.

 

Wrapping up

Even though organisations will be allowed a grace period of one year for implementing the suggested changes, IT leaders should start preparing for them as soon as they can, to avoid losing the certification and, most importantly, to improve their organisation’s cybersecurity.

To learn more about Cyber Essentials certification or how our IT support team can help your organisation comply with the new cybersecurity standards set by the NCSC, get in touch with us today!
