Changes To The Cyber Essentials Scheme
In January 2022, the Cyber Essentials scheme will go through its biggest changes since the scheme launched in 2014. The technical controls will undergo changes to be tailored to home working and the changes our way of working have been through in the last years. Here’s all you need to know.
Working from home has become the normality and have created a new set of exploits for cyber criminals. Therefore, Cyber Essentials are modifying their criteria to ensure that your business remains safe and protected no matter if your team work from home or in the office. This means that home working devices will be included in the new scope from everything from mobiles to desktops.
What won’t be included?
The only thing not being included in your teams home working setup is routers. If employees work on private networks – they will still be allowed to do so without it affecting your certification.
End User Devices
As are part of the change in home working, ALL end-user devices will now be included in the Cyber Essentials scope. It’s time to get your full asset management up to speed! If you do not already have full visibility into your workforce devices, then now is a good time to get started and put in policies and technology that will help you with future tracking and management.
With the uptake of Cloud technology, most businesses now use the Cloud to some extent. Therefore, the scheme is being extended to cover all parts of Cloud usage, including its infrastructure.
What does it mean for you?
Cyber Security policies now need to be in place around the Cloud, in the same way as you have it now for any physical devices and infrastructure.
Multi Factor Authentication
Multi Factor Authentication (MFA) is now a requirement across your entire business, also Cloud services.
As one of the biggest chances to the scheme, it is also one of the easiest ones to implement. MFA can be installed as a service so you make sure your staff knows what to do, how to do it, and most importantly when to use it.
How will all this affect you?
If you have already started your assessment, then not at all! The changes do not come into effect until the 24th January 2022, until then you will be assessed by the current standards.
But we know that Cyber Essentials can be a bit of a jungle for most. Be sure that we are here to guide you through the process. With a team of experienced engineers, we have been guiding our customers through the assessment to achieve the certification since it launched in 2014. Be sure, that we will get you there too.