The Cyber Essentials Checklist: Ensuring Your Organization's Digital Safety
What do we mean when we say “Cyber Essentials” checklist? And why should a cybersecurity lifecycle matter for US companies such as manufacturers operating in the state of Colorado?
Let’s start here. Among recent cases, a ransomware attack on a US-based telemarketing company resulted in the shutting down of its operations, and the loss of jobs for hundreds of employees. Irrespective of the size of your business, a successful cyberattack can be detrimental to its survival.
In 2014, for example, the UK government introduced a Cyber Essentials framework designed to help prevent cyberattacks. It has been estimated that approximately 85% of common cyberattacks can be prevented by implementing such a Cyber Essentials checklist.
Obtaining a firm grasp on your own Cyber Essentials checklist, and its implementation, can help ensure your organization’s digital safety and contribute to a better, stronger cybersecurity lifecycle. Cyber compliance is key.
What is the Cyber Essentials checklist?
A Cyber Essentials framework may focus on the following 5 cybersecurity controls:
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Security update management
By implementing each of these 5 controls, organizations can protect themselves from various types of cyberattacks. Next, let’s discuss a few recommended items for each of these controls:
1. Firewalls
A firewall acts as a barrier between your company’s network and the external network. When it comes to cyber compliance, here is what you need to know about firewalls as part of the Cyber Essentials checklist:
- Always change the default admin password to a stronger password – or disable any remote access for administrators.
- Prevent any external access to the administrative panel unless there is a business need. Alternatively, you can protect the administrative panel using either OTP (one-time password) authentication or an IP whitelist.
- Block every unauthenticated inbound connection.
- Approve and document every inbound firewall rule – along with an authorized user and the business need for each rule.
- Remove (or disable) any permissive firewall rules that are not needed.
- Install a host-based firewall on devices used on public or untrusted networks.
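The firewall items above can be checked mechanically once rules are kept in an inventory. The following is an added example, not part of the original article: the rule fields (`service`, `otp`, `approved_by`, `business_need`) and the sample rules are constructed for illustration and do not match any particular firewall's export format.

```python
import ipaddress

# Constructed sample inventory; field names are hypothetical.
RULES = [
    {"id": "r1", "direction": "in", "action": "allow", "source": "0.0.0.0/0",
     "port": 443, "service": "web", "approved_by": "it-manager",
     "business_need": "public website"},
    {"id": "r2", "direction": "in", "action": "allow", "source": "0.0.0.0/0",
     "port": 8443, "service": "admin-panel", "otp": False,
     "approved_by": "it-manager", "business_need": "remote administration"},
    {"id": "r3", "direction": "in", "action": "allow", "source": "203.0.113.10/32",
     "port": 8443, "service": "admin-panel", "otp": False,
     "approved_by": "it-manager", "business_need": "vendor support"},
    {"id": "r4", "direction": "in", "action": "allow", "source": "0.0.0.0/0",
     "port": "any", "service": "any", "approved_by": None, "business_need": None},
]

def is_any_source(cidr):
    """True when the rule's source covers every IPv4 or IPv6 address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_rule(rule):
    """Return checklist findings for one rule (empty list means compliant)."""
    findings = []
    if rule["direction"] != "in" or rule["action"] != "allow":
        return findings  # the checklist items concern inbound allow rules
    # Every inbound rule needs an approver and a documented business need.
    if not rule.get("approved_by") or not rule.get("business_need"):
        findings.append("undocumented: missing approver or business need")
    open_source = is_any_source(rule["source"])
    # Any-source, any-port rules are the permissive rules to remove.
    if open_source and rule["port"] == "any":
        findings.append("permissive: any source to any port")
    # Admin panel must be limited by an IP allowlist or protected by OTP.
    if rule["service"] == "admin-panel" and open_source and not rule.get("otp"):
        findings.append("admin panel exposed without OTP or IP allowlist")
    return findings

def audit(rules):
    """Map rule id -> findings, listing only rules that need attention."""
    return {r["id"]: f for r in rules if (f := audit_rule(r))}

if __name__ == "__main__":
    for rule_id, findings in audit(RULES).items():
        print(rule_id, "->", "; ".join(findings))
```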
2. Secure configuration
Next up on our cybersecurity lifecycle checklist is configuration. Secure configuration is all about choosing the most secure settings when installing your computers and network devices. Here is information about configuration as part of a Cyber Essentials checklist:
- Remove (or disable) any unnecessary or inactive user accounts.
- Change any default or easy-to-guess password to a stronger one.
- Remove (or disable) any unrequired software.
- Disable any “Auto-run” functionality that allows file execution without any user authorization.
- Authenticate every user before allowing them access to confidential data or files.
3. User access control
Access control is all about providing authorized users with the right amount of access to perform their tasks. Here is what you need for user access control as part of the Cyber Essentials checklist:
- Design a user creation and approval process.
- Authenticate every user using unique credentials – before granting them the required access to applications and devices.
- Remove (or disable) user accounts that are no longer required.
- Implement multi-factor authentication (MFA) for every user.
- Allow only designated administrators to perform administrative tasks.
4. Malware protection
When it comes to the cybersecurity lifecycle, malware protection must not be compromised. With malware protection, organizations can ensure that no malicious software is running on their systems. For all devices, you must implement at least one of the following techniques:
- Anti-malware software
- Whitelisting
- Sandboxing
As part of any cybersecurity and cyber compliance paradigm, here are considerations for the implementation of each technique:
- For anti-malware:
  - Update your anti-malware software with daily signature updates.
  - Configure your anti-malware software tool to scan files automatically on access.
  - Scan web pages automatically whenever they are accessed using a browser.
  - Prevent connections to malicious or suspicious websites.
- For whitelisting:
  - Maintain an updated list of approved applications.
  - Prevent your users from installing applications that are unsigned or have an invalid signature.
- For sandboxing:
  - Run all unknown code in the sandbox to prevent it from accessing other network resources.
  - Protect other resources including other sandboxed applications, data stores, and local network access.
5. Security update management
Security update management is about keeping all applications and devices updated by installing security patches and fixes. Consider it from the Cyber Essentials checklist point-of-view:
- All installed software must be licensed and supported.
- Remove any software that is no longer supported.
- Enable automatic updates wherever available.
- Ensure that the software vendor's fixes for vulnerabilities, and most importantly for any critical or high-risk vulnerabilities, are in place within a pre-specified timeframe (a set number of days) of an update's release.
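The update-management items above lend themselves to a recurring inventory check. This is an added example, not part of the original article: the inventory fields, the sample entries, the audit date and the `PATCH_WINDOW_DAYS` value are all constructed, and the window is a placeholder for whatever timeframe your organization sets.

```python
from datetime import date

PATCH_WINDOW_DAYS = 30    # placeholder: the article does not state a number
TODAY = date(2024, 6, 1)  # constructed audit date so results are repeatable

# Constructed sample inventory; field names are hypothetical.
INVENTORY = [
    {"name": "office-suite", "support_ends": date(2026, 1, 1),
     "auto_update": True, "pending_updates": []},
    {"name": "legacy-erp", "support_ends": date(2023, 10, 10),
     "auto_update": False, "pending_updates": []},
    {"name": "vpn-client", "support_ends": date(2027, 1, 1), "auto_update": True,
     "pending_updates": [{"severity": "critical", "released": date(2024, 4, 1)}]},
    {"name": "browser", "support_ends": date(2027, 1, 1), "auto_update": True,
     "pending_updates": [{"severity": "high", "released": date(2024, 5, 20)},
                         {"severity": "low", "released": date(2024, 1, 1)}]},
]

def audit_software(inventory, today, max_patch_days):
    """Map software name -> findings under the update-management checklist."""
    report = {}
    for item in inventory:
        findings = []
        # Unsupported software should be removed.
        if item["support_ends"] < today:
            findings.append("unsupported: remove or replace")
        # Automatic updates should be enabled wherever available.
        if not item["auto_update"]:
            findings.append("automatic updates disabled")
        # Critical and high-risk fixes must land inside the agreed window.
        for upd in item["pending_updates"]:
            age = (today - upd["released"]).days
            if upd["severity"] in ("critical", "high") and age > max_patch_days:
                overdue = age - max_patch_days
                findings.append(f"{upd['severity']} update overdue by {overdue} days")
        if findings:
            report[item["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_software(INVENTORY, TODAY, PATCH_WINDOW_DAYS).items():
        print(name, "->", "; ".join(findings))
```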
Additionally, organizations must understand the cybersecurity lifecycle to fully protect their assets and ensure that operations can continue uninterrupted, without taking unnecessary losses or experiencing prolonged and costly periods of ransomware-related downtime.
Let’s learn more in the following section.
5 stages of the cybersecurity lifecycle
For any organization, the cybersecurity lifecycle comprises the following stages:
1. Identification stage
At this cybersecurity lifecycle stage, your organization must identify the systems, resources, and assets that need to be protected. Some examples include identifying physical and software assets, cybersecurity policies, and vulnerabilities.
2. Protection stage
At this stage, your organization must take concrete steps to protect your data and other assets. This can include cybersecurity training for your employees and implementing user access controls.
3. Detection stage
The third stage of a cybersecurity lifecycle is the detection stage, which involves discovering any security breaches in your organization. This includes activities like continuous monitoring of your network and verifying the effectiveness of all security measures.
4. Respond stage
This is the cybersecurity lifecycle stage during which the organization takes appropriate actions to respond to an external threat. This includes mitigation actions to limit the impact of a breach and communicating with stakeholders after a breach.
5. Recovery stage
The final stage is all about how your organization can set up systems and practices to restore full functionality after a major breach. This point in the cybersecurity lifecycle is critical – it can include recovery planning, implementing new security solutions, and adjusting internal processes.
In today’s connected world, every organization must ensure cyber compliance to protect its digital assets from cybercriminals. Implementing the Cyber Essentials checklist is one of the many ways to achieve cybersecurity. The cybersecurity lifecycle is ever evolving and worthy of deeper discussions in our connected Industry 4.0 manufacturing worlds.
At Manufacturer’s Edge, we collaborate with manufacturers to understand their needs and help guide them to the appropriate data and technology solutions. If you want to know more, contact us with your business requirements.