News

UK government works to bolster enterprise security

The UK government recently announced a new system to allow businesses to improve and certify their information security efforts.

According to Computer Weekly, the guidance and certification scheme provides information on the basics of cybersecurity. The content of the scheme is based on research from the Information Assurance for Small and Medium Enterprises consortium, the Information Security Forum and the British Standards Institution that illuminated a range of protection measures that are not present in today's UK-based organizations.

"The scheme is intended to show what good security looks like," noted Computer Weekly contributor Warwick Ashford. "Government hopes it will prove a cost-effective way for all UK businesses to mature their cybersecurity by getting the basics right."

Once organizations implement the security framework outlined by the scheme, they can begin an independent assessment process to achieve Cyber Essentials certification under the UK government.

NCC Group CEO Rob Cotton noted that while the details provided by UK officials are "not a silver bullet," they will lay the groundwork for businesses in a number of different industries that have experienced challenges with security in the past.

"This is the sort of support from government that will make a real difference to UK businesses," Cotton said. "By putting standards in place, it gives SMEs an attainable security benchmark, and one which will provide significant protection from a wide range of attacks."

Guidelines: Questions companies should ask
Alongside a summary of the security standards and certification initiative, the UK government also provided its 10 Steps to Cyber Security. The document not only outlines the project's 10 steps aimed at reducing security risks within businesses, but also provides a list of questions companies should ask themselves to help lay the foundation for security efforts. These include:

  • What internal information should businesses protect?
  • What risks impact this data and how much risk can be accepted?
  • What security measures are needed for protection?
  • Will these measures be adequate?
  • What would occur if one of the identified risks affected the business?
  • How is risk management handled in the company?
  • How can the firm achieve a better understanding of the security risks impacting the business?

10 steps to lessen risks
The scheme also recommends 10 ways to reduce an enterprise's chance of falling victim to one or more of the risks identified. While tailored toward UK businesses, these are measures that every business could implement to bolster data protection, no matter where it is based. The project advises focusing on the following areas of the business, among others:

  • The mobile workforce: Company leaders should develop a plan and provide employee training for working outside of the office.
  • The management of user accounts: Administrators need to create individual authentication credentials as part of management processes for better oversight of user activity.
  • Protection against malware: Organizations must scan to identify any malware present on their enterprise network.
  • Maintaining secure systems: Security patches should be installed once released to ensure that technology is protected from the most recent threats and vulnerabilities.
  • Company-wide monitoring: Businesses need to establish a monitoring strategy to scan for any suspicious activity that could point to an infection. 
