Cyber security

Cyber Essentials

Cyber Essential helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.

Cyber Essentials for CCTV and Alarm Security Installers

Five Reasons Why a UK-Based CCTV/Alarm Installer Should Gain Cyber Essentials Certification

In today’s interconnected world, the importance of cybersecurity cannot be overstated. For CCTV and alarm installers in the UK, ensuring the protection of sensitive data and critical infrastructure is of utmost importance. Cyber Essentials certification offers a practical way to achieve this, helping your business stay secure and competitive in the digital age. Here are five compelling reasons why a UK-based CCTV/alarm installer should consider gaining Cyber Essentials certification:

1. Safeguard Customer Data:

CCTV and alarm systems often involve the collection and storage of personal and sensitive information. Gaining Cyber Essentials certification demonstrates your commitment to protecting this data from cyber threats. It helps you establish trust with your customers by assuring them that their information is secure and that you take their privacy seriously.

2. Protect Your Reputation:

A data breach or cyberattack can be disastrous for your reputation. By attaining Cyber Essentials certification, you demonstrate to both customers and partners that you have taken steps to secure your systems and networks against common cyber threats. This not only safeguards your business but also enhances your credibility in the industry.

3. Win More Contracts:

Many organisations, including government entities and large corporations, require their suppliers to hold Cyber Essentials certification as a prerequisite for doing business. By gaining this certification, you open the door to new opportunities and contracts that may have been out of reach without it. It can give you a competitive edge in a crowded marketplace.

4. Improve Operational Resilience:

The Cyber Essentials framework encourages you to adopt good cybersecurity practices, enhancing your operational resilience. It helps you identify and address vulnerabilities in your systems and processes, reducing the likelihood of disruptions due to cyber incidents. This proactive approach can save your business time and money in the long run.

5. Stay Ahead of Emerging Threats:

Cyber threats are continually evolving. Cyber Essentials certification encourages you to stay updated with best practices and security measures. By gaining this certification, you can demonstrate your readiness to adapt and respond to new threats, ensuring your business remains secure in an ever-changing digital landscape.

In conclusion, Cyber Essentials certification is a crucial step for UK-based CCTV and alarm installers to enhance their cybersecurity posture, protect customer data, and secure their reputation in an increasingly digital world. By investing in cybersecurity best practices and gaining this certification, you can unlock new business opportunities and ensure the long-term success of your company.

Don’t wait until a cyber incident occurs – take the proactive step to secure your business today.

What is Cyber Essentials?

Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.

There are two levels of certification:

Cyber Essentials

The self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

The entry level Cyber Essentials shows you how to address those basics and prevent the most common attacks.

Cyber Essentials Plus

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out.

Alternatively you can familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.

To learn more about Cyber Essentials that we haven't covered here, please visit the National Cyber Security Centre webiste: https://www.ncsc.gov.uk/cyberessentials/overview

The Five Technical Controls

Secure your internet connection
Secure your devices and software
Control access to your data and services
Protect against viruses and other malware
Keep your devices and sofware up to date
Conclusion and Checklists

To start your Cyber Essentials journey to success, fill in the form and submit your details.

1. Use a firewall to secure your internet connection

You should protect your internet connection with a firewall. This effectively creates a ‘buffer zone’ between your IT network and other external networks. In the simplest case, this means between your computer (or computers) and ‘the internet’. Within this buffer zone, incoming traffic can be analysed to find out whether or not it should be allowed onto your network.

Two types of firewall

Many organisations will have a dedicated boundary firewall which protects their whole network. You should use a personal firewall on your internet connected laptop or computer (normally included within your Operating System at no extra charge). Some routers will contain a firewall which could be used in this boundary protection role. But, this can’t be guaranteed – if you can, ask your internet service provider about your specific model.

2. Choose the most secure settings for your devices and software

Manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data, often with ease.

Check the settings

So, you should always check the settings of new software and devices and where possible, make changes which raise your level of security. For example, by disabling or removing any functions, accounts or services which you do not require.

Use password

Your laptops, desktop computers, tablets and smartphones contain your data, but they also store the details of the online accounts that you access, so both your devices and your accounts should always be password-protected. Passwords – when implemented correctly – are an easy and effective way to prevent unauthorised users accessing your devices. Passwords should be easy to remember and hard for somebody else to guess. The default passwords which come with new devices such as ‘admin’ and ‘password’ are the easiest of all for attackers to guess. So you must change all default passwords before devices are distributed and used. The use of PINs or touch-ID can also help secure your device. If you would like more information on choosing passwords, look at the NCSC’s password guidance.

3. Control who has access to your data and services

To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them.

Administrative accounts

Check what privileges your accounts have – accounts with administrative privileges should only be used to perform administrative tasks. Standard accounts should be used for general work. By ensuring that your staff don’t browse the web or check emails from an account with administrative privileges you cut down on the chance that an admin account will be compromised. This is important because an attacker with unauthorised access to an administrative account can be far more damaging than one accessing a standard user account.

Access to software

Another simple and effective way to ensure your devices stay secure and malware-free is to only use software from official sources. The easiest way to do this is to only allow your users to install software from manufacturer-approved stores, which will be screening for malware. For mobile devices, this means sources such as Google Play or the Apple App Store.

4. Protect yourself from viruses and other malware

Malware is short for ‘malicious software’. One specific example is ransomware, which you may have heard mentioned in the news. This form of malware makes data or systems it has infected unusable – until the victim makes a payment.

Viruses are another well-known form of malware. These programs are designed to infect legitimate software, passing unnoticed between machines, whenever they can.

Where does malware come from?

There are various ways in which malware can find its way onto a computer. A user may open an infected email attachment, browse a malicious website, or use a removable storage drive, such as a USB memory stick, which is carrying malware.

How to defend against malware

Anti-malware measures are often included for free within popular operating systems. For example, Windows has Defender. These should be used on all computers and laptops. For your office equipment, you can pretty much click ‘enable’, and you’re instantly safer. Smartphones and tablets should be kept up to date and password protected. If you can avoid connecting to unknown Wi-Fi networks, this will help to keep your devices free of malware too.

Whitelisting can also be used to prevent users installing and running applications that may contain malware. The process involves an administrator creating a list of applications allowed on a device. Any application not on this list will be blocked from running. This is a strong protection as it works even if the malware is undetectable to anti-virus software. It also requires little maintenance.

Sandboxing. Where possible, use versions of the applications that support sandboxing. For instance, most modern web browsers implement some form of sandbox protection. A sandboxed application is run in an isolated environment with very restricted access to the rest of your devices and network. In other words, your files and other applications are kept out of reach, if possible.

5. Keep your devices and software up to date

No matter which phones, tablets, laptops or computers your organisation is using, it’s important that the manufacturer still supports the device with regular security updates and that you install those updates as soon as they are released. This is true for both Operating Systems and installed apps or software. Happily, doing so is quick, easy, and free.

Also known as ‘Patching’

Manufacturers and developers release regular updates which not only add new features, but also fix any security vulnerabilities that have been discovered.

Applying these updates (a process known as patching) is one of the most important things you can do to improve security. Operating systems, programmes, phones and apps should all be set to ‘automatically update’ wherever this is an option. This way, you will be protected as soon as the update is released.

However, all IT has a limited lifespan. When the manufacturer no longer supports your hardware or software and new updates cease to appear, you must replace it with a supported product if you wish to stay protected.

Complete this form to enquire about being Cyber Essentials certified.

Cyber Essentials for CCTV and Security Businesses

To learn more about Cyber Essentials that we haven't covered above, please visit the National Cyber Security Centre webiste: https://www.ncsc.gov.uk/cyberessentials/overview