We'd love to hear from you

If you have an enquiry about our solutions or services then feel free to drop us a line to see how we can help.

News


Keeping your data protected… with Office 365 Advanced Threat Protection

Keeping your data protected… with Office 365 Advanced Threat Protection

Keeping your data protected… with Office 365 Advanced Threat Protection

We released a blog back in June 2017, soon after the release of the Advanced Threat Protection (ATP) service within Office 365. As a brief re-cap; in the wake of the rise in email born cyber-attacks, Microsoft released ATP as their optional add-on security service. Filtering emails, with little impact on productivity, ATP is among the strongest of the add-ons suite to 365, which we strongly urge businesses to adopt.

Including key features, such as Safe Links, ATP prevents users from inadvertently clicking on malicious links embedded within phishing emails that are falsely representing themselves from a genuine source, such as a bank, government body or trusted brand name.

Safe Attachments, protects your users from opening potentially damaging email file attachments, which can be embedded with viruses or malicious code that can install software in the background of a PC designed to steal or corrupt data, without the user even realising.

 

ATP has been around since 2017, so what’s new?

A key feature, which has been added to the service’s Anti-Phishing tools, focuses on Impersonation Detection. ATP has been working to defend against phishing attacks for quite some time, however attacks known as, “spear-phishing” or “whaling”, where criminals impersonate a trusted sender often targeting individuals within a business that may have access to valuable data, are far more difficult to detect.

If the hacker can get their email delivered to their intended target, they are far more likely to be fooled by domain name impersonation. Where two very similar names are used, so similar in fact, that at first glance most users wouldn’t notice anything wrong with the email.

The new Impersonation Detection service works to detect lookalike email addresses and domain names that may be used to trick users. Using “mailbox intelligence”, ATP will determine whether the email being received is from a trusted email sender, or a new email address. Security warnings will then automatically be applied to unknown email addresses, helping to draw user’s attention to possible risks.

This feature, among all other ATP tools, are included within the Office 365 Advanced Threat Protection bolt-on product, which are included as-standard with the Enterprise E5 license.

 

Could someone impersonate my domain?

Simple answer, yes. It is surprisingly easy for those with relatively basic knowledge of cyber hacking to mask your domain and an email address, then start firing out emails set to steal valuable data, or simply cause disruption & down time.

One particular risk with domain impersonation isn’t necessarily criminals impersonating other people’s domains, but them choosing to impersonate your domain, with the one key objective of fooling your own staff.

Recent examples include, a Finance Director’s email account being impersonated – with an accurate mask of the name, full email address, and even his email signature! An email gets sent from this fake account to another member of the Accounts Department, asking them to make payment on a fictitious invoice to a particular bank account. The email is well written in English and has a sense of urgency. Not wanting to upset their boss, the team members makes the payment as instructed. Losing the business thousands in one simple unknowing mistake.

 

How can I use ATP to protect against this impersonation?

ATP will automatically keep a look out for domains used within email addresses that are contacting your users. It will work to filter-out emails (based on your pre-defined choices) that fall into an untrusted category, perhaps a spoof domain that is very similar to your own (down to simple differences, such as being one character different), or from an unknown user/email address that doesn’t exist within your 365 – keeping your team out of harm’s way.

The threat management dashboard contains real-world statistical information on where emails are originating from, domains and users that have been impersonated. With this kind of information, you will be able to keep ahead of the threats.

Phishing

There is of course the risk that genuine emails may well be filtered out, so you can of course view a list of all of the quarantined emails and choose to take action on them all collectively or by individual email.

Phishing

 

What are the next steps?

If you are already a user of the Office 365 suite, you can bolt-on the ATP service almost immediately! Contact the team to receive support in obtaining and best-configuring the service to sufficiently protect your data, users and livelihoods.

 

Who are Urban Network?

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in cyber security. Ensuring we aid our clients with employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.

If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.

 

Security, without the burden

Security, without the burden

Theft is on the rise!

Thieves are stealing from you… but, no longer are they climbing out of the bedroom window with your television. Today’s cyber criminals want to get access to your valuable & sensitive data, and with some slightly more sophisticated tools at their disposal, they are rather easily stealing your login credentials to get access to such private files & documents.

With businesses continually adopting cloud computing, it is only natural that cyber attackers are following this trend by shifting their focus towards these evolving cloud environments. They’re using their tried and tested methods, such as password guessing and phishing campaigns, to drive these attacks.

As one of the largest cloud communication & collaboration tools today, Microsoft’s Office 365 platform has become a particularly juicy target.

So, there’s most definitely a credible threat, completely regardless of your business size, type or location. But, what can you do about it?

 

Better secure your cloud services in a straight-forward way

Cyber Security tools & practices need not be ludicrously complex or expensive. There are many best practice methods that could be deployed within your business to mitigate the risk of attack & heavily reduce your vulnerability.

Multi-factor authentication (MFA), or often referred to as 2-factor authentication (2FA), is a straight-forward process of adding another user verification step, beyond just a password, to the login process for a system or cloud-based service.

As a simpler end-user friendly security provision, MFA typically triggers a single-use code to the user that must be input into the website/system before the login can complete. The code can be delivered to the user by text message, phone call or via an in-app notification – at the user’s choice.

Should a user receive such a notification without having requested it first, their account is likely vulnerable, and it would be advised to reset their password. Importantly, however, their account remains secure, as without the single-use code the account may not be accessed.

 

But this might be difficult for our users to adopt

The single-use codes may be difficult to rollout to your team without resistance. But there other means you can deploy to achieve the same goal – such as restricting the IP addresses from which user’s may login from, or control which devices may login through a pre-authorised list controlled by Azure Active Directory, are just two examples.

Businesses with the appropriate tier of licensing may be able to use conditional access to enforce the use of MFA within their organisation – giving users no choice but to comply with the more secure process.

 

New Office 365 guidance from Microsoft

Microsoft have recently released new security guidance, (albeit aimed at the public sector – is relevant to all industries), which provides up to date advice on how best to implement Office 365 installations, so that they meet the National Cyber Security Centre’s (NCSC) cloud security principles. We recommend this advice to organisations of all sizes & types.

The guidance covers the use of all Office 365 services. So, the measures suggested will provide you with the confidence that you are safely using newer cloud-only features that cover all of your familiar applications & services.

 

How can I implement this within my business?

Depending on your current licenses and tools you have access to, there may be different options available to you.

At Urban Network, we’re best placed to review, consult with you and configure cyber security best practice.

If you are an existing client of Urban Network, then we will be actively reviewing your cyber protection and providing direct advice to you to keep ahead of this ever-growing threat. If you have any questions, concerns or simply wish to discuss your cyber security options further, please consult your Account Manager.

If you are new to Urban Network, we’d love to help. We take a proactive stance on the review of technology within our client’s businesses – it’s our mission to help you and your business get the best value from technology to drive an efficient & profitable operation.

With such a heavy-reliance on our tech systems these days, protecting the data held within them is important, now more than ever. To receive some guidance & peace of mind, please contact us to schedule a free, no obligation review session to discover your current position & the options open to you.

 

Can I stay ahead?

The cloud tools we use are constantly changing & so are the risks to our data security. It is therefore worth planning to periodically review the configuration of your services and check to see if your vendor or support partner have updated their recommendations.

 

Who are Urban Network?

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in cyber security. Ensuring we aid our clients with employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.

If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.

 

References –

Office 365 security guidance from the National Cyber Security Centre.

Microsoft public sector cloud security guidance.

National Cyber Security Centre cloud security principles.

 

Windows 7 End of Life

Windows 7 End of Life

On January 14th 2020 Microsoft will end extended support for the Windows 7 Operating System. This is known in tech terms as end-of-life for the software. So, what does this mean and how do you prepare for Windows 7 End of Life?.

What does “End of Extended Support” mean?

Firstly, end of extended support doesn’t mean that Windows 7 will stop working, but critically, end of support does mean that Microsoft stop developing the product, and this means no more security updates. After the 14th January 2020 all technical assistance and automatic updates that help protect your PC will no longer be made available for the product. Sticking with Windows 7 means you are extremely vulnerable to exploits and bugs. His is not a recommended position for your company to be in.

Microsoft “strongly recommends that you move to Windows 10 sometime before January 2020 to avoid a situation where you need service or support that is no longer available.
.

How Can you Prepare for Windows 7 End of Life

According to NetMarketShare’s January 2018 data, 42% of Microsoft’s customers who purchased Windows 7 are still using it. Meanwhile, only 34% of the people who used Windows 7 have upgraded to the most recent operating system, Windows 10.

The first step when preparing for Windows 7 End of Life is to identify the machines that are currently running this Operating System. If you are already a client of Urban Network, we can walk you through this process. Once you have this information, it’s time to think about upgrading or replacing.

With minimum specifications needed to run a Windows 10 Operating System, there is some speculation that as Windows 10 evolves that these specs may no longer be enough. We recommend that desktop PC’s are replaced every 4 years, with the cost of the upgraded Windows 10 license and professional services associated with the upgrade process, it may be more prudent to take the opportunity to perform a refresh of this older desktops. Having your employees using newer, faster computers will certainly improve productivity and overall happiness within their job roles which will all contribute to the bottom line.

How We Can Help

The most important step is to recognise that you need to start planning, whilst January 2020 may still seem some time away, if you have many PC’s running Windows 7, you will need to have a deployment plan in place.
Urban Network can help you to identify what PC’s are running Windows 7 and investigate the most prudent options for you to upgrade with Windows 10 Operating System.

10 + 13 =

7 Key Principles of Business Continuity for Business

7 Key Principles of Business Continuity for Business

Disaster recovery and business continuity planning should be considered a critical aspect of running a business. These 7 key principles of Business Continuity will help you get started in the right direction when crafting an effective business continuity plan.

1. Get employees involved

Business Continuity plans only work if everyone understands them. Employees are also a great source of ideas and insights about how your business might be affected by a disaster. So business must communicate Business Continuity plans to employees regularly – and actively solicit their input.

2. Keep customers in the loop

Customers are the lifeblood of every business. They should be treated as such even during a disaster. Alerts on the company website, email broadcasts, social media and text messages to key contacts’ mobile phones are all good ways for a business to express concern about the impact of a disaster on its customers. That level of service can even help transform a disaster into an opportunity for greater long-term customer loyalty.

3. Collaborate with suppliers

Businesses increasingly work in tightly interdependent networks of suppliers and partners. By working collaboratively with these third parties, businesses can make themselves even more resilient and well protected against disasters large and small.

4. Periodically test and update Business Continuity plans

It’s not enough to formulate a plan once and put it on paper. Assumptions about a plan should be validated with real-life testing. Plans also have to be updated continuously to ensure that they accommodate changes in the business’s products, services, relationships, size, geographic reach, etc.

5. Factor in compliance

Businesses are subject to a variety of regulatory mandates that may require certain disaster preparedness measures. Health and Safety Executive (HSE) may be particularly relevant in regards to workplace safety.

6. Examine insurance options carefully

Coverages vary greatly, and policy language can be confusing. Businesses have to exercise careful legal and financial diligence to ensure that their policies cover all aspects of disaster recovery and revenue loss, not just the repair of initial damage. In some cases, it may make sense to obtain contingent business interruption insurance. This type of policy provides additional coverage for the harm a disaster can do to a business indirectly, for example, if a supplier in a different climate fails to deliver promised goods because of a local blizzard.

7. Data backup is not enough

Many businesses think they’re safe just because they’ve backed up their critical files. The problem is that those files depend on applications and systems to be of any use to the business. That’s why, in the event of a disaster, it’s essential to be able to run applications on-demand from virtual machines backed up in the cloud.

Take a peek inside at the eBook

What you should look for in a Backup and Data Protection Solution?

Due to limited financial and IT resources, it is crucial for a business to know exactly what to look for in a backup and data protection solution. In this guide we’ll be outlining 6 key criteria for business to keep in mind when seeking out total data protection.

  • Comprehensiveness

  • Ease of use

  • Recoverability

  • Performance and reliability

  • Affordability

  • Scalability

10 + 12 =

We keep your business running, no matter what

Here at Urban Network, we don’t want to see your business get caught unprepared for a disaster. With our award-winning business continuity solutions, we can ensure that we provide your business with the tools to survive and recover from un-foreseen dramas.

Book a free on-site, no obligation attached Disaster Recovery demonstration and see how Urban Network’s Disaster Recovery & Business Continuity Solution can keep your business running in a complete disaster situation.

Demo

Book your Business Continuity and Disaster Recovery Demo with our experts

Case Study

Read our case study on how we help a global financial institution got back on its feet after getting hit with a major server failure, in fewer than 2 hours

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.

[Download] Backup and Data Protection for Business eBook

[Download] Backup and Data Protection for Business eBook

Why backup and data protection is critical for a business?

It is important to understand why backup is critical for a business.

Today’s businesses are creating more data than ever and you need a robust backup and data protection for your business sensitive data.

Successful backup is the foundation for disaster recovery and business continuity. Without it, recovery and continuity cannot exist. Technologies that were created decades ago to store data are simply not enough. Antiquated methods, like tape backup, aren’t going to ensure data retention and recovery during business critical time windows.

Take a peek inside at the eBook

What you should look for in a Backup and Data Protection Solution?

Due to limited financial and IT resources, it is crucial for a business to know exactly what to look for in a backup and data protection solution. In this guide we’ll be outlining 6 key criteria for business to keep in mind when seeking out total data protection.

  • Comprehensiveness

  • Ease of use

  • Recoverability

  • Performance and reliability

  • Affordability

  • Scalability

6 + 7 =

We keep your business running, no matter what

Here at Urban Network, we don’t want to see your business get caught unprepared for a disaster. With our award-winning business continuity solutions, we can ensure that we provide your business with the tools to survive and recover from un-foreseen dramas.

Book a free on-site, no obligation attached Disaster Recovery demonstration and see how Urban Network’s Disaster Recovery & Business Continuity Solution can keep your business running in a complete disaster situation.

Demo

Book your Business Continuity and Disaster Recovery Demo with our experts

Case Study

Read our case study on how we help a global financial institution got back on its feet after getting hit with a major server failure, in fewer than 2 hours

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.

Cyber Essentials 101 – IT Security Checklist [PDF Download]

Cyber Essentials 101 – IT Security Checklist [PDF Download]

Why do you need an IT Security Checklist?

According to the Government’s Cyber Security Breaches Survey 2017:

  • 46% of all UK businesses identified a cyber security breach or attack in the last 12 months
  • 6 in 10 of those who identified breaches also say the breach adversely impacted their organisation (being forced to implement new protective measures or having staff time taken up dealing with the breach)

To protect your company’s data and reputation, it is essential to ensure that the network is safeguarded against unauthorised access, data loss, malware infestations, and security breaches.

Take a peek inside at the Checklist

This IT Security Checklist will walk you through five key areas that you need to keep an eye on and help you make sure that all essential measures are taken to keep your network system safe and secure.

  • Legislation
  • Personnel Security
  • Access Management
  • Computer and Network Management
  • Incident Response & Reporting

3 + 2 =

How Urban Network can help

It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified company and Cyber Essentials audit body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.

Get Cyber Essentials Certification

For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here

Have A Question?

Contact us and speak with a CyberSecurity expert who will answer any questions you might have.

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.

Cyber Essentials 101 – Patch Management

Cyber Essentials 101 – Patch Management

Patch Management is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.

Why Patch Management is important?

Vulnerabilities or security flaws are common in software and are frequently discovered. Once known, it can quickly be exploited by malicious individuals or groups to gain access to networks and computer systems.
Vendors of applications and software will typically try to provide fixes for identified vulnerabilities as soon as possible, in the form of software updates known as “patches”.

What are Patch Management Control requirements?

  • Update software regularly (including operating system software and firmware)
  • Remove software that is no longer supported by vendor
  • Use licensed and supported software
  • All security patches are installed as soon as they are available (within 14 days), especially for ‘critical’ or ‘high risk’

About the Cyber Essentials Scheme

This is part of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.

Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.

Download our non-technical, no-jargon “Quick Guide to Cyber Essentials – Cyber Security starting point for small and medium businesses” to learn more about Cyber Essentials Scheme, its five key controls and how to implement them correctly.

10 + 4 =

How Urban Network can help

It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified company and Cyber Essentials audit body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.

Get Cyber Essentials Certification

For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here

Have A Question?

Contact us and speak with a CyberSecurity expert who will answer any questions you might have.

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.

Cyber Essentials 101 – Malware Protection

Cyber Essentials 101 – Malware Protection

Malware Protection is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.

Why Malware Protection is important?

An organisation should implement robust malware software on devices that have access to or are accessible from the Internet. Malware, such as viruses, worms and spyware are created and distributed deliberately to perform unauthorised functions on one or more computers. Potential sources of malware infection include malicious email attachments, downloads (including those from application stores), and direct installation of unauthorised software.

How to manage Malware Protection requirement?

Malware Protection software should:

  • Be kept up-to-date either by configuring it to update automatically (with signature files updated at least daily) or with the use of centrally managed deployment
  • Be configured to scan files automatically upon access. This includes when files are downloaded and opened, and when they are accessed from a network folder
  • Perform regular scans of all files
  • Prevent connections to malicious websites using website blacklisting (e.g. a list of malicious or suspicious website that is checked each time the web browser attempts a connection)
  • Scan web pages automatically when they are accessed through a web browser (whether by other software or by the browser itself)

About the Cyber Essentials Scheme

This is part of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.

Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.

Download our non-technical, no-jargon “Quick Guide to Cyber Essentials – Cyber Security starting point for small and medium businesses” to learn more about Cyber Essentials Scheme, its five key controls and how to implement them correctly.

8 + 8 =

How Urban Network can help

It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified company and Cyber Essentials audit body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.

Get Cyber Essentials Certification

For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here

Have A Question?

Contact us and speak with a CyberSecurity expert who will answer any questions you might have.

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.

Cyber Essentials 101 – Access Control

Cyber Essentials 101 – Access Control

Access Control is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.

Why Access Control is important?

This control aims to ensure that only authorised individuals have user accounts and have access and at the appropriate level to reduce the risk of information being stolen or damaged. User accounts with special access privileges such as administrative accounts are often the target of cybercriminals as they have greater access to business sensitive information. When such account is compromised, it can facilitate large-scale corruption of information and disruption to business operations.

How to manage Access Control requirement?

  • Have a provisioning and approval process for user account creation
  • Special access privileges should be restricted to a limited number of individuals, be documented (e.g. individual details and purpose) and reviewed on a regular basis
  • Admin accounts should be configured to require a password change on a regular basis
  • Implement two-factor authentication, where available
  • Every user should use a unique and strong password to access to applications, computers and network system
  • Use administrative accounts to perform administrative activities only (no emailing, web browsing or other standard user activities that may expose administrative privileges to avoidable risks)
  • Remove or disable user accounts and special access privileges when no longer required (e.g. when an individual changes role or leaves the organisation) or after a pre-defined period of inactivity (e.g. 3 months)

About the Cyber Essentials Scheme

This is part of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.

Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.

Download our non-technical, no-jargon “Quick Guide to Cyber Essentials – Cyber Security starting point for small and medium businesses” to learn more about Cyber Essentials Scheme, its five key controls and how to implement them correctly.

13 + 6 =

How Urban Network can help

It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified company and Cyber Essentials audit body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.

Get Cyber Essentials Certification

For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here

Have A Question?

Contact us and speak with a CyberSecurity expert who will answer any questions you might have.

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.

Cyber Essentials 101 – Secure Configuration Control

Cyber Essentials 101 – Secure Configuration Control

Secure Configuration is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.

Why Secure Configuration is important?

A new computer, network devices or installed software cannot be considered secure upon default configurations. Standard or factory settings often use administrator account with publicly known default password, come with unnecessary pre-installed applications and pre-enabled user accounts (sometimes with special access privileges). Computers and network devices should be configured in the most secure way to the needs of the organisation.

How to manage Secure Configuration requirement?

  • Remove or disable unnecessary user accounts (e.g. guest account or unnecessary admin account)
  • Change default administrative password for any user account to alternative, strong password
  • Remove or disable unnecessary software (including application, system utilities and network services)
  • Disable autorun feature to prevent software programs running automatically without user authorisation
  • Enable personal firewall and configure to disable/block unapproved connections by default on desktop PCs and laptops
  • Authenticate users before allowing Internet-based access to commercially or personally sensitive data, or data which is critical to the running of the organisation

About the Cyber Essentials Scheme

This is the second of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.

Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.

Download our non-technical, no-jargon “Quick Guide to Cyber Essentials – Cyber Security starting point for small and medium businesses” to learn more about Cyber Essentials Scheme, its five key controls and how to implement them correctly.

6 + 9 =

How Urban Network can help

It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified company and Cyber Essentials audit body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.

Get Cyber Essentials Certification

For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here

Have A Question?

Contact us and speak with a CyberSecurity expert who will answer any questions you might have.

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.

Access Control is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.

Why Access Control is important?

This control aims to ensure that only authorised individuals have user accounts and have access and at the appropriate level to reduce the risk of information being stolen or damaged. User accounts with special access privileges such as administrative accounts are often the target of cybercriminals as they have greater access to business sensitive information. When such account is compromised, it can facilitate large-scale corruption of information and disruption to business operations.

How to manage Access Control requirement?

  • Have a provisioning and approval process for user account creation
  • Special access privileges should be restricted to a limited number of individuals, be documented (e.g. individual details and purpose) and reviewed on a regular basis
  • Admin accounts should be configured to require a password change on a regular basis
  • Implement two-factor authentication, where available
  • Every user should use a unique and strong password to access to applications, computers and network system
  • Use administrative accounts to perform administrative activities only (no emailing, web browsing or other standard user activities that may expose administrative privileges to avoidable risks)
  • Remove or disable user accounts and special access privileges when no longer required (e.g. when an individual changes role or leaves the organisation) or after a pre-defined period of inactivity (e.g. 3 months)

About the Cyber Essentials Scheme

This is part of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.

Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.

How Urban Network can help

It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.

Get Cyber Essentials Certification

For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here

Have A Question?

Contact us and speak with a CyberSecurity expert who will answer any questions you might have.

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.