With the new version of Cyber Essentials released this month, here are the key changes to the initiative you need to be aware of.
Cyber Essentials is a government-backed and industry-recognised initiative which aims to raise cyber security awareness and help businesses mitigate common internet-based threats.
The Cyber Essentials update is the biggest overhaul of the scheme’s technical controls since it was first launched in 2014. Shaped by feedback from assessors, industry experts and businesses, the update has been made in response to changes in the threat landscape with the aim of aligning Cyber Essentials more effectively with other guidance. It paves the way for more regular reviews of the controls in the future.
The update includes revisions to technical requirements relating to:
- The use of cloud services
- Home working
- Multi-factor authentication
- Password management
- Security updates
- Thin clients
It is important to note that any assessments which are already underway, or which started before January 2022, will be able to continue to use the current technical standard. Organisations using the current standard will have six months from 24 January to complete the assessment.
Organisations that need to make adjustments in order to be assessed against the new standards will have a grace period of up to 12 months for some requirements. Read more about the changes here.
Kroll’s 10 essential security controls
Kroll’s list of essential security controls can help to significantly improve organisations’ cyber security posture by creating a robust baseline of security controls, akin to those in the Cyber Essentials scheme.
These controls are validated by Kroll’s seasoned security experts based on frontline expertise and with a thorough review of the expanded questionnaires now requested by most cyber insurance carriers.
For more details, including hands-on support, Kroll’s global team of experts are here to help.