The New 2022 Changes to Cyber Essentials
In this article, we’ll go through the major changes in the 2022 Cyber Essentials update, explaining why and how the controls for certifications will be different.
What is Cyber Essentials?
If you didn’t already know, Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
There are several benefits to becoming Cyber Essentials Certified, including:
- It reassures your customers that you are securing your IT against cyber attacks
- It attracts new business with the promise you have your cyber security practices and measures in place.
- Some Government contracts require Cyber Essentials certification - this helps set your business apart from the rest
Why has Cyber Essentials Changed in 2022?
From January 24th 2022, Cyber Essentials will have an updated set of controls which businesses must comply with in order to maintain their Cyber Essentials certification.
The digital world and the way we work have drastically changed since the launch of the Cyber Essentials scheme in 2014. The updates have been introduced to reflect this.
What are the Main Changes for Cyber Essentials?
The update to Cyber Essentials doesn’t alter the structure of the controls currently within the certification, but rather, it adds to them. Businesses that want to retain their certification must abide by these added rules and specifications.
Here are the key additions to the Cyber Essentials scheme.
Home Working Devices
Due to the pandemic, there has been a rise in people working from home, which means there are many new devices that might not be under the control of the company. One of the new guidelines for Cyber Essentials is that these home devices must fall within the scope, and the firewall settings on any device must comply with the specifications.
Multifactor Authentication, also known as MFA or 2FA, is another new requirement within Cyber Essentials. MFA is very important as it acts as additional protection for a user’s account, making it much less likely to be hacked. All cloud services accounts must have MFA enabled to be compliant.
One of the biggest changes to the Cyber Essentials specifications is the addition of cloud services. Cloud services are covered by several of the Cyber Essentials controls, including user access control and secure configuration. For a business to comply with Cyber Essentials, it must take responsibility for these services.
Cyber Essentials has always required businesses to ensure that certain high-risk vulnerability updates have been applied, but companies could previously be selective about the updates they completed (or didn’t).
However, to comply with the new 2022 rules, all critical risk updates must be installed within 14 days of the update.
Additional Software Criteria
On top of the new critical software updates requirement, there are additional requirements for software installed on in-scope devices. This software must meet the following criteria:
- Software must be fully licensed and supported by the developer e.g. Microsoft
- Software must be removed from any devices that are no longer in scope
- The software must have automatic updates enabled
- As mentioned above, all critical or high updates must be installed within 14 days.
Want Cyber Essentials for your business?
At Reformed IT, all of our clients receive the Cyber Essentials Certification as part of our support contracts. We also help businesses meet the requirements to obtain Cyber Essentials Plus.
Reformed IT’s all-in-one platform helps any business reach the UK government standard for cyber security within 24 hours – easily and affordably. We can help you achieve Cyber Essentials, Cyber Essentials Plus, and GDPR Readiness, reducing cyber risks by as much as 99%.
But protecting your business doesn’t end with getting certified. So we go even further. Our platform monitors all of your company’s devices, checking for updates, firewalls and security measures every 15 mins, keeping your business safe 365 days a year.
If you’re interested in Cyber Essentials for your business, contact our team on 01158 244 824 or email us using the button below.
Interested in what else our IT Support package includes?
There are many reasons that IT support with Reformed IT is a great choice for your business or organisation. If you choose Reformed IT for your IT support, you'll receive all these benefits including help from members of our experienced team when needed.
Unlimited IT Support
We provide fully inclusive, onsite and remote IT support. In addition to that, it won't cost you extra for an engineer to attend your site to resolve a technical issue.
Device Status Monitoring
When we take on your IT support, we deploy our monitoring agent onto all devices and servers. This alerts us to any issues which you may be unaware of.
Data Breach Monitoring
There are over 8 billion breached passwords and personal information available on the dark web. There's a possibility that some of this data relates to your employees. We'll monitor dark web activity and provide reports of breached passwords.
Cyber Essentials Certification
We ensure every one of our clients achieves their Cyber Essentials certification at no additional cost. We also help them towards Cyber Essentials Plus, ensuring that everything is ready for assessment.
Office 365 Monitoring
We monitor your Microsoft 365 tenancy with our 24/7 security operations centre. If there is strange activity, we'll find it immediately and alert you or resolve the issue straight away, keeping your business secure.
Everyone wants to avoid computer viruses. We include anti-virus software as part of our IT support package to keep your devices safe and to save time when it comes to viruses.
Over 90% of cyber attacks start with a phishing email. It's crucial that your business has the best defence against cyber criminals and scams when it comes to your mailbox.
Backups for Office 365
We will ensure that all of your emails and files are backed up, at no extra cost. We recognise the importance of backups and disaster recovery so we feel it shouldn't be an added extra.
Managed Email Signatures
With our included Exclaimer signatures for Office 365 service, you can get more out of your email signatures instead of a simple message with no images.
Cyber Security Training
To keep you even safer from hackers, we provide globally recognised and market leading Cyber security training by PhishingTackle. This online training portal will provide your teams with guidance and information to reduce the risk of hackers and scams.
Asset and Warranty Tracking & Reporting
We provide you with a list of your current assets in the business by using our powerful remote management tools. This creates a monthly asset report so you can keep track of your hardware life cycles.
Reformed IT Academy
We'll provide your business with the best IT training and learning sources. With the Reformed IT Academy, you’ll be able to watch and complete over 700 courses to help grow your knowledge and skills.
Password managers make storing and creating passwords much easier and safer. Keeper password manager also auto-fills passwords, making the sign-in process much quicker.
Cyber Threat Monitoring
With Huntress, you'll have an extra layer of security to help keep hackers out of your business. You'll be able to monitor cyber attacks and malicious activity.