Recently I presented at a Sterling Networks Event in the Midlands.
I knew the audience was going to be a mix of Technical people who would know about these things and non technical people who would not.
There is a movement to try and simplify and reduce the cost of an entry level Cyber Security check list.
This was my effort to do so.
Please note that Cyber Essentials is a Midlands initiative – GCHQ/NCSC own the scheme, IASME in Malvern run the scheme and eg Pete Rucinski – in Malvern – can actually issue your certificate. Support your local organisations !
According to the NCSC If we follow the Cyber Essentials 5 Controls guidance it will stop 80% of all cyber attacks.
The problem is that it is still a bit complicated and difficult to remember – not exactly – Hands, Face, Space ! Some would also say that at £300 minimum it is a lot of money for SME’s.
There are various initiatives on the go to make it easier and lower cost. One of my companies has been working on this the last couple of years alongside it also being a Continuous Monitoring process rather than an annual assessment like a car MOT. We aim to stop 95% of attacks.
Making a car safe, getting Covidsafe ( eg by using the HSE standard ) and getting Cybersafe using CE are all ways of reducing risk and insurance companies, lawyers and HR people like to reduce risk ( and increase Compliance ).
Cyber Essentials is the first step on the way to even greater Compliance and reduced Cyber Risk ( the ultimate ISO standard attained would be 27001. )
Awareness of Cyber Essentials needs to be improved but many companies proudly display it on their websites ( see bottom of https://cybersecurityassociation.co.uk/ ) and their walls. Like ISO 9001 It can get you a government contract and it can also get you free or reduced Cyber Insurance.
The PDF goes into great detail about Cyber Essentials and the 5 Controls but we are going to do the simpler and easier version.
Our Hands, Face, Space will be not so easy but F.R A A A P – Firewall, Router, Authority, Access, Antivirus and Patching.
In the pdf is a diagram of a typical Home/Small Business Network.This may be a useful aid.
We are going to talk about your network and FRAAAP.
Firewall – needs to be set up correctly if you have one
Router – make sure you have changed the manufacturers default password to a more unique one
Authority – Have control over who has access to what
Access – Have strong Passwords – 3 word ones recommended
Anti Virus – Have one, make sure up to date, maybe have 2 ! ( Include Malwarebytes as one )
Patching – make sure all applications up to the latest Patch levels.
Even when we have done all of this we need to be careful about
– Phishing – someone posing as a company or brand
– Spoofing – someone forging an email
and we need to always remember that it is not all about Technology but also about People and Processes ( Training ) and Leadership from the top.
When reporting cyber fraud attacks – 4 places to remember ….
Your local Police ( 101 ) when an attack is in progress
The UK Cyber Security Association and The Cyber Helpline ( during attack too )
Action Fraud ( after )
NCSC Phishing Reporting Line.
Most attacks are unreported because people do not want to admit they have been hacked.
At the UK Cyber Security Association we will be launching the ITN Documentary “Safer Cyber Spaces” in conjunction with 2 major National and International Cyber Expos.
A member of the ITN Team actually got attacked last week when buying and selling their home.
This is no longer about random hackers targeting selected accounts it is indiscriminate and ( Ro ) BOT / AI driven apps bought on the Dark Web.The Robots work until they find a hole and then that hole is made bigger. Some companies never ever recover.