Microsoft 365 and the need for Cyber Essentials

Cyber Essentials London

Cyber Essentials is an initiative by the British Government’s Department for Business, Innovation and Skills and the nation’s cyber security specialists, the National Cyber Security Centre (NCSC). Launched in 2015, Cyber Essentials accreditation is all about encouraging organisations – including, of course, London’s small to medium-sized business community – to adopt good practice in information security and demonstrate a commitment to safeguarding data against online threats. If you utilise Software as a Service (SaaS) applications, such as Microsoft 365, Cyber Essentials will help keep your IT infrastructure, data, IP and confidential customer information secure and your business compliant.

How Cloud-based solutions such as Microsoft 365 benefit from this accreditation

London businesses are adopting Cloud computing in growing numbers. Especially as the Coronavirus pandemic has driven many to rely on remote working. It’s no surprise, then, that cyber attackers are increasingly turning their attention to hacking Cloud-based solutions, such as Microsoft 365 making Cyber Essentials key to your business’s security online. In this blog post we’re going to take a closer look at the features of the two versions of Cyber Essentials accreditation and the many benefits they offer your business.

What is Cyber Essentials certification?

The basic Cyber Essentials accreditation is a self-assessment process that empowers you to understand, recognise and protect

your business and data against the most common cyber attacks. It does this by defining a focused set of controls to give you clear guidance on basic cybersecurity that can be implemented at a low cost.

Knowing the common threats is important to your business. Why? Because if your IT is vulnerable to simple cyber threats it can make you more liable to being a target for sophisticated and unwanted attention from cyber criminals.

Therefore, Cyber Essentials certification provides you with the peace of mind of knowing that your defences will protect you against the vast majority of common cyber threats.

What is Cyber Essentials Plus certification?

Cyber Essentials Plus takes the simple approach of Cyber Essentials – and the protections you need to put in place are the same – but Cyber Essentials Plus provides you with the added reassurance of a hands-on technical verification.

This more rigorous test of your organisation’s cyber security systems is where our cyber security experts carry out vulnerability tests to make sure that your small to medium sized business is protected against basic hacking and phishing attacks.

The result is even greater peace of mind for you and your team, customers and business partners.

The benefits of the Cyber Essentials scheme basic certificate and ‘Plus’ certification

The Cyber Essentials scheme basic and ‘Plus’ certifications provide your business with a number of advantages, including:

  1. Peace of mind

Certification can help to give everyone you work with peace of mind, reassuring your colleagues, customers and business partners that your IT is secure against cyberattack.

  1. Potential

Cyber Essentials certification can help you attract new business as potential customers are much more likely to work with you if they are confident you have sound cybersecurity measures in place.

  1. Clarity

The Cyber Essentials certification process is simple, effective, reviewed by cybersecurity experts and will give you a clear picture of your organisation’s cyber security status and, therefore, put you in a better position to make any improvements needed.

  1. Opportunity

Certification will enable you to bid for and undertake contracts in some of the most highly regulated industries (particularly the UK and government and MOD), as holding such certification has become mandatory.

  1. Protection in the Covid-19 pandemic

Research suggests that since February 2020 and the Coronavirus pandemic starting, cyberattacks around the world have increased by 400%.

Increasing numbers of malware, ransomware and phishing attacks have all been used to exploit businesses during this time but meeting the standard set by Cyber Essentials scheme basic certificate or ‘Plus’ certification means your enterprise is better protected against such threats.

  1. Better defences

Ultimately, certification will help you to mitigate risks to your business and better protect your IT, data, IP and confidential customer information against 80% common cyber threats.

For example, as the Cyber Essentials scheme basic certificate requires any devices you have connected to the internet to be protected with a firewall (as does the ‘Plus’ version), certification is a proven defence against ransomware attacks – where your data can be locked, leaked or basically held hostage until a ‘ransom’ is paid.

The five controls needed 

The Cyber Essentials and Cyber Essential Plus requirements for accreditation need you to have some essential cybersecurity protections and processes in place. These are:

  1. Firewalls

Make sure all the devices you have connected to the Internet are protected with a firewall.

  1. Secure settings

Change the manufacturer’s default configuration on all your hardware and software – it helps keep cyber attackers at bay.

  1. Control admin permissions

Your team’s user accounts should only give them access to the devices, software and settings they need to do their job. Admin permissions should only be given to those who need them.

  1. Virus and malware protection

All devices including laptops, PC’s, phones and tablets, should be protected against attacks by virus or malware. Once these threats are in your network, they can infect other connected devices and software.

  1. Patching requirements

From operating systems, software and apps to mainframes, laptops, tablets and phones, you should keep all your technical resources up to date at all times. This process is called ‘patching.’

On the downside, we know updates are tiresome. On the upside they’re usually simple, fast and free. This process is important because manufacturers and developers release regular updates and patches that not only add new features but also fix any discovered security flaws, which are known as vulnerabilities.

Patch management or simple patching is you implementing these ‘fixes’ and it’s one of the single most important things you can do to improve your cyber security.

There are two key factors to consider here. The first is that you can set many of your technical resources to ‘automatically update’ wherever this is an option and the patch becomes available. In this way, you will be protected as soon as the update is released.

The second point to keep in mind is that all IT has a limited lifespan. When a manufacturer or developer no longer supports their product with new updates you should upgrade the hardware or software concerned to newer versions.

Cyber Essentials and Cyber Essentials Plus patching requirements mean you have to keep all your software up to date (and patched within 14 days of a fix being released), licensed and removed from devices when it’s no longer supported.

The difference between Cyber Essentials and ISO 27001 certifications

Although Cyber Essentials accreditation and ISO 27001 accreditation complement each other, the certifications serve different needs.

Introduced in 2005, ISO 27001 is for businesses that want to maintain the international standard for information security. So the certification defines what is required for a business to establish, implement, maintain and improve an Information Security System.

One key difference between the two certifications is that ISO 27001 considers all information – whether the medium is paper, systems or digital media. Cyber Essentials protects data and programs only on your IT infrastructure, including your network, server, workstations and devices.

Note that currently your business is not required to have ISO 27001 to work with the UK public sector. However, many organisations choose to certify to ISO 27001 anyway, to benefit from its best practice standards and also reassure customers that those best practices have been followed.

Experts in Microsoft 365 and Cyber Essentials 

If you’re using a Cloud computing SaaS solution – such as Microsoft 365 – then accreditation to the Cyber Essentials scheme basic certificate or ‘Plus’ certification can tangibly benefit your London-based business and your peace of mind. That’s because any data breach, damage, theft, leak or loss can play havoc with your finances, customer confidence and hard-earned reputation. The fines for a data breach under GDPR, for example, can amount to €20 million or 4% of your global turnover.

However, if you’re too busy running your business to worry about running your cybersecurity strategy, including Cyber Essentials and Cyber Essentials Plus accreditation, we can help.

The highly experienced cybersecurity experts here at totality services have helped numerous clients across London to better protect their business and data. Not only do we hold Cyber Essentials and ISO 27001 certifications, we are also a recognised Microsoft Partner, so are perfectly positioned to advise on your cybersecurity needs on the Microsoft 365 platform.

So give London’s go to IT support services team a call for a confidential, no-obligation chat about your requirements and you’ll discover why we’ve earned two Feefo Gold Trusted Service Awards, Five Star ratings from both Trustpilot and Google and 98% client retention rate.