National Cyber Security Centre (NCSC) is a government backed scheme operating in combination with its Cyber Essentials partner IASME.
Cyber Essentials aims to support all companies against a wide range of commonly experienced cyber-attacks. Cyber Essentials is considered the base line for good infrastructure practices and Qi will work with you in the 5 key areas of Cyber Essentials to achieve that base line and take you through the accreditation process if certification is required for your supply chain.
Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation and has less than £20m annual turnover (terms apply).
Firewall Configuration
A firewall protects the boundary of a network or a computer system. Connections to a device are checked and are either blocked or permitted according to the firewall rules defined.
Qi will ensure your firewall configuration meets the Cyber Essentials requirements for enabling necessary services and disabling others which may provide an entry for a malicious attack.
Secure device settings
Accepting the default settings of any new device in a business network may leave your network open to increased risk. By default, devices tend to arrive with the end user in mind: multifunctional and with open use.
Qi will audit your existing IT inventory to ensure that security configurations meet Cyber Essentials requirements and provision Microsoft 365 licensing and policies to make adding new devices and appropriate security configurations manageable and auditable.
Anti-malware Protection
Anti-malware identifies and prevents malicious software (known as malware) from infecting computer systems or electronic devices. Anti-Malware tools once installed must reviewed and updated regularly.
Qi will ensure that suitable anti-malware software is appropriately defined and updated to make sure that files are scanned at the point of download, scan websites for viruses along with any internal external storage, protecting you from Zero Day Threats, malicious attacks, spam & phishing.
Secure administration Access
Firstly, administration accounts which are rarely if ever required for day-to-day processing, should be accessed only by those that need them as part of their job role. Administration account access needs to be monitored and tracked by a nominated senior manager or business owner.
Qi will work with you to understand the day to day access requirements of your staff body so that access to required areas of your Business Applications is permitted by relevant staff dependent on their job roles and required level of administration rights. This reduces accidental or random access to data and the opportunities for human error or malevolent activity.
Patching & Security
Patching is a process by which to repair a vulnerability or a flaw that is identified after the release of an application or software. Operating systems and applications regularly have updates with new features and vulnerability fixes present. These should be installed in a timely manner, which is determined in Cyber Essentials to be no more than 14 days to prevent attackers from being able to exploit these vulnerabilities to gain access to system or data.
Qi will identify how software updates are currently configured and ensure settings enable automatic, out of hours business updates to prevent inconvenience and down time. As part of the Cyber Essentials process, Qi will identify any network connected unsupportable devices and make suitable recommendations
Qi and Cyber Essentials
It is possible to take your business through the Cyber Essentials steps without outside help, but it can be time consuming and confusing on your own.
Qi will get you to the required enhanced baseline and oversee the accreditation procedure. Our recommendations and actions will leave your infrastructure robust, secure and accreditable. Even if you do not require accreditation now, it likely that at some point you may.
Once you have achieved the Cyber Essentials baseline and the benefits that brings, with sustainable security protocols, policies, devices and software, then achieving accreditation at a later date will require little, if any action.
