If you work with sensitive commercial and customer data then it’s highly advisable to regularly review, test and tighten-up your team’s security protocols.
One straightforward approach is to implement and maintain an enhanced level of cyber hygiene as defined and recommended by the UK’s National Cyber Security Centre (NCSC).
This Government-backed accreditation is a pre-requisite certification for working with elements of UK Government, Defence and Healthcare. Increasingly, UK businesses are looking to demonstrate supply chain security and data protection best practice, to their customers and shareholders.
There are two levels of certification: Cyber Essentials, and Cyber Essentials Plus.
5 key controls are provided by the scheme
- Firewalls
- Patch Management
- Malware protection
- Access Control
- Secure Configuration
CE Scheme documentation is widely available online but some of the most obvious and critical protections are in the following areas
- Securing firewalls and routers against unauthenticated inbound connections.
- Policies encouraging automatic and rapid software patch management and whitelisting per device
- Patch levels of additional applications installed (Office, Adobe, Java, Firefox, Chrome etc)
- Up to date mobile Operating Systems & applications
- Lock screens enabled on mobile devices
- Other configuration and account handling weaknesses associated with the build of the devices.
- Strong password policies and adoption of Multi Factor Authentication
All these elements are verified by a series of on-site visits from the Certifying body to ensure the devices and companies have met the requirements of the scheme. Additionally, certification requires submitting to a set of external vulnerability scans to demonstrate that the final requirements have been met.
Check your suppliers here to identify their level of Certification.
https://iasme.co.uk/cyber-essentials/ncsc-certificate-search/
One of Vuzo’s core values is a commitment to information security and integrity. As such, Vuzo Ltd holds the highest level of Cyber Essentials certification and we encourage all our customers to emphasise high standards of operational cybersecurity in all supplier engagements, sharing their information with secured businesses.
Vuzo Ltd is listed on NCSC’s database of CE certified organisations, at the highest level of certification, Cyber Essentials Plus.