Cyber Security Background
In an era of daily cyber-attacks in both the public and private sector, SalesSense decided to go through the process of getting Cyber Essentials certified by the National Cyber Security Centre in the UK. These daily global cyber-attacks include malware such as trojans and ransomware, phishing, password attacks, denial of access attacks, just to name a few. This was potentially a huge threat to both SalesSense and its partners.
Why is Cyber Essentials very important to both SalesSense and its partners?
Security of data is of paramount importance to both SalesSense and its partners. Hence, earlier this year, we were delighted to gain certification in “ISO27001:2013, Compliance Information Security Management System”. In terms of Information Security and defending against cyber-attacks in the UK market, an additional standard, Cyber Essentials is required.
When did SalesSense become certified in Cyber Essentials?
We are happy to announce that SalesSense received Cyber Essentials certification in April 2022.
What does this certification mean for SalesSense’s partners?
In achieving this certification SalesSense successfully displayed to the Cyber Essentials team of auditors that we take great pride in having a robust and secure network, combined with a framework to mitigate against potential vulnerabilities and bad actors.
What was the process involved?
We teamed up with IT Governance to assist with the certification process .They provided us with an incredibly helpful support team who were on call to answer any questions and were at hand to review our Cyber Assessment before being submitted to be officially audited.
What exactly does the Cyber Essentials standard cover?
The standard deals with the effectiveness of cyber-attack protection tools such as boundary firewalls, access control, internet gateways, device security configuration, malware protection and patch management.
5 key controls of Cyber Essentials
– Boundary Firewalls and Internet Gateways
– Secure Configuration
– Access Control
– Malware Protection
– Patch Management
Scope: Cyber Essentials covers the following areas:
Home Working: Since the rise of Home Working the cert has been updated to include under the scope of the assessment process. As we use a hybrid remote working model here at SalesSense, the accreditation shows that crucial firewall controls and secure group policies are implemented to end user devices.
Device locking after unsuccessful login attempts
Password-based and multi-factor authentication requirements i.e., throttling of attempts, password minimum of 12 characters,
- Using separate accounts to perform administrator activities only
- Includes end-user devices including security on tablets and phones and laptops
- All high and critical updates must be applied within 14 days and remove unsupported software
All software on in scope devices must be:
- Licensed and supported
- Have unsupported software removed from devices
- Have automatic updates enabled where possible
What are the benefits to SalesSense’s partners of Cyber Essentials?
\”Being Cyber Essentials certified provides assurances that SalesSense has taken every step in protecting the processing and handling of sensitive data.
Cyber Essentials is a security framework and a set of best practices to protect against unsophisticated Internet attacks.\”
Paddy Cumiskey, Head of Technology, SalesSense