In light of technological advancements and shifts in work patterns due to the pandemic, the NCSC updated the Cyber Essentials scheme in January 2022. Organizations are given a 12-month transition period to integrate these new changes. The foundational five technical controls remain consistent, but there are new stipulations for BYOD, cloud services, remote work environments, password protocols, and multi-factor authentication for both on-site and cloud services.
The revised Cyber Essentials now evaluates devices used for remote work, cloud-based Platform as a Service and Software as a Service solutions, thin clients, servers, user-end devices such as smartphones, laptops, desktops, and internet-operated wireless devices.
Furthermore, Cyber Essentials has introduced a scaled pricing model, which varies based on the organization's size, as gauged by the number of employees.
Ensuring that your organization's firewall is configured correctly to filter incoming and outgoing network traffic, safeguarding against unauthorized access and potential threats.
Implementing secure settings for your devices and software to reduce vulnerabilities. This includes keeping systems up to date, changing default passwords, and disabling unnecessary features.
Managing user access privileges, ensuring that only authorized individuals have access to sensitive information and systems. This control helps prevent unauthorized access and data breaches.
Installing and maintaining antivirus and anti-malware software to detect and remove malicious software that could compromise your organization's data and systems.
Keeping all software and operating systems up to date with the latest security patches and updates to address known vulnerabilities and weaknesses.