Cyber Essentials Changes: Multi-factor Authentication
On 24th January 2022, the newest requirements for the Cyber Essentials scheme will come into force, in the scheme’s biggest overhaul since its launch in 2014. Backed by the government and organised by the NCSC (National Cyber Security Centre), the scheme is a way for businesses to showcase their cybersecurity measures, and assure customers that they’re protected against some of the most common online threats. Ahead of the update, we’ve put together a series of articles looking into the biggest changes - here’s our third instalment!
What changes have been made?
With the workplace landscape shifting in recent years, and online crimes becoming more and more sophisticated, the NCSC has made some much-needed updates. As well as helping to keep information safe, these must be met for your business or organisation to be given the Cyber Essentials certification. If you haven’t already, you may need to make some changes to your software or the services you use to ensure you’re in line with the new requirements. A big change that’s set to come into effect on 24th January 2022 is that multi-factor authentication, or MFA, must be used when accessing cloud services.
Why is this a requirement?
As multi-factor authentication requires the user to provide more than one method of verification, such as a one-time password or fingerprint, it’s more secure than only having a username and password. Since there has been a rising number of attacks on cloud services, and attempts to steal users’ passwords, MFA should always be used whenever you’re accessing administrator accounts or by any accounts that can connect to cloud services. With Cyber Essentials, there are four separate types of additional factors that can be used. Those are: a managed enterprise device, an app on a trusted device, a physically separate token, and a known or trusted account.
Get more information on the Cyber Essentials updates with our series of blogs. The first two cover home routers and cloud services - keep an eye out for the rest. For advice on what needs to be done, or just to find out more about how we can help you and your business to meet these new requirements, just get in touch.