Cyber Essentials: Malware Protection and Software updates
In todays blog article we’re going to talk about Cyber Essentials and what is expected of Malware protection and Software Updating.
First up, is Malware, or malicious software. Malware can be defined as any type of file or application which is harmful to a device, whether it is a mobile device, such as a phone, computer, laptop or smart device. It is closely linked with other types of damaging software, such as viruses, worms and trojans.
Malware can come in all shapes and sizes, some can be designed to target specific companies or devices, others are a free for all, such as ones that encrypt your information and then ask for money to unlock the device.
Malware can be installed on a device manually by a malicious attacker, although this is rare, as it requires prior connection or physical access to the device in question. The more common way for malware to be installed is by someone clicking on a link or installing an application which has malicious code embedded, this is usually the case when downloading software from non-legitimate websites.
Once the malware is installed on the device, depending, upon the payload, it can sometimes talk to external websites and update its settings and tailor its attack package and vary what actions it carries out.
So now you know what malware is, how to you protect yourself against this? Most of the time malware will come from an email or non-legitimate application as previously mentioned, so the best way to protect yourself against this is to ensure that your emails are configured correctly, ensuring that you block a lot of the file attachments that may allow malware to get through. For example, blocking file attachments for batch and executable files (.bat and .exe), blocking PowerShell files and zip files can also help safeguard you against these attacks.
But blocking or protecting email is only one form, how do you protect your devices against malware if it doesn’t come via email? This is done by ensuring that your devices are kept up to date with all the latest security patches available. This helps to ensure that your device stays safe and secure and that its protected against all the latest known threats and vulnerabilities.
You should also ensure that you do not run as a local administrator (or root user), for your day-to-day activities, this will help you protect your machine if you do accidently run some malicious software as most malware will require administrative level access. Running as a standard or low-level access user will help you block these types of attacks.
Lastly you should ensure that you are running antivirus on your device, or if you are using Windows, enable and turn on Windows Defender.
When it comes to Cyber Essentials and Malware, you will be asked whether you have anti malware installed on all of your devices, this includes your computers, laptops, tablets and mobile phones.
Cyber Essentials will ask you to confirm that you have this software installed, and how are the devices protected, for example, are applications installed from a approved set or app store or is application sandboxing in place, for example using a virtual machine.
Depending upon the answer you provide you will then be asked to expand upon this in a bit more detail, for example, if you have antimalware software installed, is it configured to be updated daily and scan files automatically.
Another question will be, if you have software installed, is it set to scan web pages that you visit and warn against any malicious websites.
Patch management, or when discussing in the Cyber Essentials context is called Software Patching, is the process of ensuring that your devices are kept up to date with all updates which are released.
By ensuring that your devices are all patched with security updates, it will help ensure that your device and all other devices within the environment are further protected against threats.
This not only includes your Operating Systems, such as Microsoft Windows, Linux and MacOS, but also your mobile phones and third-party applications.
Depending upon how your devices are configured, whether you are based in a work environment or work from home. Will depend upon how your devices are kept up to date.
Most simply, allowing your devices to make use of the now default Auto update feature which is available in all Operating Systems and the majority of applications is by far the easiest way of ensuring that devices are kept up to date.
When it comes to patching and updating your devices, you have a maximum of 14 days to ensure that all your systems and applications are updated with the available critical security updates.
For mobile devices, especially iOS, you need to be running the latest version of iOS. As I’ve just mentioned, you will have 14 days from the release of the latest version on your device to install it across all your devices.
When it comes to Cyber Essentials, the self-assessment questionnaire will ask you the following questions.
Are all of your Operating Systems and firmware on your devices supported by a supplier and produces regular fixes for security problems?
This question is asking you to ensure that you are running a supported Operating System, for example you are not allowed, within Cyber Essentials, to be running Windows 7, Windows Server 2008 R2 or older versions of Windows 10.
But more importantly, ensuring that you update and install any available firmware versions for devices, for example your computers, routers, switches etc.
The next security patching question asks, Are all applications on your devices supported by a supplier that produces regular fixes for security problems?
This is similar to the previous question but is based around your applications that you use. For example, Microsoft Office, Adobe Reader.
The next question asks, is all your software licensed in accordance with the publisher’s recommendations.
As mentioned in the question, you must be running licensed and supported applications. Anything that is not supported must be removed.
The next two questions asks you about installing high risk or critical security updates and ensuring that firmware is installed on devices within 14 days. As previously mentioned, all software and critical updates must be updated within 14 days of release.
The last question in the software patching section of Cyber Essentials asks you whether you have removed any applications which re no longer supported or no longer support security updates. This question is checking to make sure you have removed any old applications which are no longer used or supported. For example, Adobe Flash which will no longer be supported form 31st December 2020.
I hope this has been informative and if you are looking to achieve Cyber Essentials please do get in touch with us.