Cyber Security

Cyber Essentials Plus: What is it and why do we have it?

Bluecube is Cyber Essentials Plus certified, meaning we meet a government-endorsed standard of cyber security and keep security at the heart of what we do.

Bluecube is Cyber Essentials Plus certified, meaning we meet a government-endorsed standard of cyber security and keep security at the heart of what we do.

What is Cyber Essentials Plus? 

Cyber Essentials Plus is a UK Government-backed and industry-supported certification scheme. It was created to help organisations demonstrate they can protect against cyber security threats. There are two types: Cyber Essentials and Cyber Essentials Plus.

  • Cyber Essentials acts as a foundational certificate achieved through a self-assessment that assesses if a company has the basic controls to mitigate risk from common cyber threats.

 

  • Cyber Essentials Plus is the highest level of certification achieved under the Government scheme. Organisations that have this will meet the basic requirements and undergo rigorous technical verification. This is in the form of vulnerability testing, carried out by experts to test the organisation’s systems physically. These tests look to identify if there is thorough protection from several cyber threats including hacking and phishing.1593257829770

What does it mean to be Cyber Essentials Plus certified?

Cyber Essentials Plus is the highest level of certification offered under the Government scheme. By achieving it, Bluecube is listed within the government registry of certified organisations which can provide a lot of opportunities but also allows us to demonstrate a strong stance regarding cyber security.

By meeting the requirements, an organisation can provide assurances that its cyber security services and systems are highly secure and improve trust with current and future clients. It allows Bluecube to indicate that we have taken proactive measures against cyber-attacks and have proven our services meet a high-security standard.

The 5 controls of Cyber Essentials

Cyber Essentials Plus contains 5 key controls that cover the basics of effective information security. They are essential to keeping organisations and their systems safe. To achieve a Cyber Essentials certification, the Government require evidence that these 5 technical controls are met by the organisation. Bluecube delivers them as a basis for all cyber security support services.

Let’s go into some more detail about what they are:

Firewalls

Firewalls are designed to act as a virtual border between an untrusted network and the network it is protecting. It is a security device that comes in the form of computer hardware or software. They monitor traffic and block unrecognised, unwanted sources from gaining unauthorised access to private data on computers. They can be programmed to specific security rules dependent on the amount of protection needed and the type of systems it is used on.

It is essential that firewalls are used to ensure that only secure and necessary network services can be accessed from the Internet.

Secure configuration

Network devices and computers will often come with pre-installed default configurations and settings. These default installations are not always secure as they have weak points that cybercriminals can use as opportunities to easily gain unauthorised access to sensitive information.

These vulnerable configurations include unnecessary user accounts and applications.

Secure configuration ensures the level of risk is reduced and that devices only fulfil their required role. This is done by applying technical controls and security settings, like two-factor authentication, to raise the levels of protection on software and devices and close the vulnerability gaps.

User access control

In the workplace, sharing user accounts and passwords with people you trust or are working with a team is often convenient. However, there are reasons administrator rights are only assigned to the authorised user and should not be shared. As they’re shared around, it widens the opportunities for exploitation.

User access control is used to keep access to data and systems to a minimum by only allowing the authorised user access to settings, accounts, devices, and software to perform the intended role. Minimal levels of access should be granted, and administrative access must be managed effectively.

Malware protection

Malware (short for malicious software) refers to the many types of intrusive software, designed specifically to harm devices, software, or networks. It can come in many forms, such as ransomware, computer viruses, worms, adware, botnet software and spyware. Organisations need to protect against malware as cyber criminals can cause a lot of damage with these kinds of attacks. The criminals can design malware to do exactly what they want such as: steal sensitive information, damage or wipe files or lock systems, and demand financial ransom.

In a world where technology is always growing, changing, and updating, nothing is immune to these kinds of attacks. This makes it even more important to have high-level malware protection in place.

Patch management

Phones, tablets, laptops, computers, software… They all require us to update them every so often but how does this affect security? Well, developers and manufacturers will release updates regularly and while you might not notice any visible changes or features, there are vulnerability and security fixes that are implemented with the update.

The act of updating systems and devices regularly so they are up to date is called patching. You are putting a patch over any vulnerabilities that may arise. Automatic updates and modern replacement of some devices and software are sometimes necessary to stay fully protected.

Why does Bluecube have a Cyber Essentials Plus certification?

Bluecube value security a lot, which is why we keep it at the heart of what we do. We have integrated the 5 controls into everything we do and deliver to our clients. For example, we:

- Provide desktop equipment configured specifically to our client’s needs and security requirements
- Deliver a plethora of cyber security services and solutions to cover the full cycle; securing, monitoring, protecting and recovering

To get certified, Bluecube underwent a security audit, involving simulated attacks and vulnerability testing, to verify our systems are secure and that we met all the requirements of the certification.

What are the benefits?

  • We can reassure clients that we work hard to secure our and their IT systems, against cyber risk
  • It guards Bluecube and our clients from the most common cyber threats
  • It demonstrates that we have an established overview of our cyber security level
  • Highlights we have undergone measures to enhance our security
  • Increased trust can be established with clients and employees
  • We are listed on the government registry of certified organisations
  • Allows us to maintain and gain strong relations with clients who prioritise cyber security as much as we do

Contact us – We take cyber security seriously

Here at Bluecube, our main priority is keeping our clients safe and secure. Our cyber security services ensure your business is more resilient to cyber-attacks.

Give our team a call today on 0845 257 8010, or fill out our online enquiry form and one of our team will be in touch with you shortly.

Latest