Cyber Essentials is just that, the essentials. It covers only the bare minimum that your business should have in place to protect against cyber-attacks. If your business passes the Cyber Essentials testing, that does not mean that your company is sufficiently protected from hackers. You should be doing a lot more to keep your data safe.
Although Cyber Essentials is a positive scheme, we believe a few more things should be included in the framework, as they are also ‘essential’, such as:
- Backup and Recovery
- Two-Factor Authentication
- Cyber Awareness Training
- Email Security
Backup and Recovery
Backing up data is a crucial step when it comes to cyber security. If your business suffered a cyber-attack without a backup, the hacker could easily encrypt all of your data, leaving you unable to get it back. Without a backup, recovery from a cyber-attack is not possible. Backup is not a required part of Cyber Essentials. It is only advised, and until January 2022, it wasn’t even mentioned. Backup being ‘advisory’ isn’t enough, and everyone should be doing it.
Two-Factor Authentication
If two-factor authentication is available on your cloud login and you activate it, you could reduce your chances of being hacked by 99.9%, according to microsoft.com. So surely this is counted as a cyber essential? Unfortunately, it is not, in fact, a part of the scheme’s framework, and two-factor authentication isn’t going to be a mandatory requirement until January 2023. At this point, only administrators are required to have two-factor authentication turned on. We recommend using two-factor authentication whenever possible, especially on your cloud services such as Microsoft 365.
Cyber Awareness Training
Your business’s security is only as strong as your weakest team member’s security. If your employees are not trained in Cyber Awareness, this puts your business at massive risk. They should all know how to spot a cybercrime attempt via email and be able to handle scam calls to reduce the risk of them falling victim to a hacker, or else they are putting the whole business in danger.
Many cyber-attacks begin via emails. So what happens when a well-hidden dodgy email slips through? Hackers can trick many people into entering their data and account details where they can be stolen, or into clicking on links that cause malware to infect the computer. Having a secure email system will only stop the majority of scam emails, not all of them, so it is down to the people whose inboxes they land in to be able to spot them and know how to deal with them. This can be done via Cyber Awareness Training.
Although Cyber Essentials is a great scheme that will undoubtedly help many businesses become much more secure, more actions should be taken to ensure security for your business and prevent cyber-attacks.