Cyber Essentials, the UK government-backed scheme aimed at helping businesses to improve their cyber posture, was updated in April 2023.
The National Cyber Security Centre (NCSC) describes this update, version 3.1, as a ‘lighter touch’ update than the previous iteration in 2022, but it still contains some important updates and clarifications. In this blog post, we provide a brief overview of some of the changes.
Cyber Essentials is an initiative created with the aim of increasing awareness of cyber security issues and enabling companies to address common types of cyber threats. The scheme, which was launched in 2014, provides a framework for organisations to follow. This allows them to gain one of two types of Cyber Essentials badges to demonstrate that they are better able to defend against the most common types of cyber threats.
Open to organisations of all sizes and in all sectors, the basic version of the scheme requires self-assessment, while the Cyber Essentials Plus scheme involves technical verification by an accredited third party. With cyber threats constantly evolving, the guidance provided by Cyber Essentials has to keep up in order to continue to support businesses effectively. Latest changes include:
- Firmware – While all firmware is currently included in the definition of ‘software’, meaning it must be kept up to date and supported, this has changed to just router and firewall firmware, due to difficulties with information provided by vendors.
- Third party devices – This includes further clarification, with a new table highlighting how third-party devices should be treated in applications.
- Device unlocking – This change is aimed at mitigating issues associated with some default settings in devices being unconfigurable, allowing applicants to use those default settings where that is the case.
- Malware protection – Anti-malware software is no longer required to be signature-based. Clarification has been added around which mechanism is suitable for different types of devices.
Boost your security with Kroll’s 10 essential security controls
The Cyber Essentials scheme highlights the value of having a strong baseline of security in place. Kroll has identified 10 essential security controls every organisation can implement to help enhance their cyber resilience. Developed by Kroll’s security experts and drawing on insights from 3,000 security investigations a year, this list of essential controls can help to significantly improve your security posture.
For more details, including hands-on support, Kroll’s global team of experts are here to help.