The Cyber Essentials framework is a cyber security framework that we recommend to all our clients. It covers the most basic security measures you should have in place within your business.
Cyber Essentials does get some negative reviews; this is because it is basic and only covers the essentials. This does, however, appeal to small businesses that need to gain the knowledge to develop complex cybersecurity solutions, and they also don’t often have the budget. Cyber Essentials ensures that they have the bare minimum security in place and can repel basic cyberattacks.
This Framework is not going to protect you if more advanced cybercriminals decide to target your business. It is also missing a few important parts to being cyber secure. However, it is a start, and if you want to work with local authorities or government organisations, you must have the Cyber Essential Certification.
Back in January 2022, the Cyber Essentials framework had a makeover. It was the most substantial change since its introduction in 2014. In addition, new controls were introduced, and you can learn all about them HERE.
Two changes were:
- Thin clients becoming included in the scope
- Multifactor Authentication on all accounts
These were expected to be done and sorted out by businesses before January 2023 and announced 12 months in advance in order to give businesses time to adjust. These updates are not massive shake-ups of the certification, but there will be clarification on certain aspects of the controls.
In April of 2023, a few more changes will be made to the Cyber Essentials qualification. These developments to the checklist regularly ensure that the security of your business is kept up to date with modern threats and provide solutions to the pre-existing guidelines so that you can ensure your business works best with the Qualification and has the best base layer f protection from cybercrime.
Integral IT has seen a surge of businesses employing subcontractors rather than those on their own payroll. These subcontractors often prefer to use their own devices, such as laptops ad PCs. Therefore, guidance will be put in place on how to deal with this on a cyber essentials level.
Firmware is a software update for hardware. This could include updates for printers or firewalls. Previously, Cyber Essentials stated you had to ensure that all Firmware has the most up-to-date version. However, This was causing a few issues. This is, therefore, getting loosened, and you only have to ensure your router firewall framework is up to date.
Cyber Essentials is evolving as security software gets more sophisticated. Up until now, the only antivirus that was checked was file-based antivirus. This is due o change in April.
The changes with the 12-month warning that we discussed earlier were announced in January 2022 and were initially scheduled to come out the following January. However, with other changes occurring in April, Cyber essentials Pushed the updates back.