Cyber Essentials Overhauled for New Hybrid Working Era
The UK government has launched a significant set of new requirements for organizations looking to comply with its Cyber Essentials scheme to bring it up to date with the way people live and work today.
Announced late last year, the changes will not impact the scheme’s overall control themes of firewalls, secure configuration, user access control, malware protection and software updates.
However, it has been expanded to address a new set of scenarios brought about by digital transformation and new post-pandemic working patterns.
There’s a new shared responsibility model to ensure organizations can better understand and fulfill their obligations to secure cloud services and infrastructure across SaaS, IaaS and PaaS.
There are also new requirements around home working, which is increasingly the norm for many workers today. This includes expectations about deploying firewall controls to users’ machines and devices.
The program has also been updated to include guidance on which multi-factor authentication (MFA) type to choose for employees, focusing on usability and accessibility.
Backups are not covered because the scheme doesn’t want to “overburden” organizations, even though it strongly recommends a rigorous backup and recovery program.
While the costs associated with Cyber Essentials will remain the