Cyber Essentials Changes: Multi-factor Authentication

  • Home
  • Blog
  • Cyber Essentials Changes: Multi-factor Authentication
image
  • Posted On: January 18, 2022  

Executive Summary

On 24th January 2022, the newest requirements for the Cyber Essentials scheme will come into force, in the scheme’s biggest overhaul since its launch in 2014. Backed by the government and organised by the NCSC (National Cyber Security Centre), the scheme is a way for businesses to showcase their cybersecurity measures, and assure customers that they’re protected against some of the most common online threats. Ahead of the update, we’ve put together a series of articles looking into the biggest changes - here’s our third instalment!

What changes have been made?

With the workplace landscape shifting in recent years, and online crimes becoming more and more sophisticated, the NCSC has made some much-needed updates. As well as helping to keep information safe, these must be met for your business or organisation to be given the Cyber Essentials certification. If you haven’t already, you may need to make some changes to your software or the services you use to ensure you’re in line with the new requirements. A big change that’s set to come into effect on 24th January 2022 is that multi-factor authentication, or MFA, must be used when accessing cloud services.

Why is this a requirement?

As multi-factor authentication requires the user to provide more than one method of verification, such as a one-time password or fingerprint, it’s more secure than only having a username and password. Since there has been a rising number of attacks on cloud services, and attempts to steal users’ passwords, MFA should always be used whenever you’re accessing administrator accounts or by any accounts that can connect to cloud services. With Cyber Essentials, there are four separate types of additional factors that can be used. Those are: a managed enterprise device, an app on a trusted device, a physically separate token, and a known or trusted account.

Get more information on the Cyber Essentials updates with our series of blogs. The first two cover home routers and cloud services - keep an eye out for the rest. For advice on what needs to be done, or just to find out more about how we can help you and your business to meet these new requirements, just get in touch.



Would you like to talk to us and find out more about our services?

Please fill in the form below and one of the team will get in touch.

About Us

Established in 2013, Cyber Security Associates Limited (CSA) provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat. We have built our team from a foundation of Government (ex-Military) and Commercially experienced specialists all holding current and relevant cyber certifications. Today our core services are based around a 24/7 Security Operations Centre (SOC) based in Gloucester.

News & Resources

Quick Links

Contact Information

Phone: +44(0) 300 303 4691
Email: [email protected]
Address: Head Office, Unit 11, Wheatstone Court, Waterwells Business Park, GL2 2AQ
Sign up for our newsletter


cert

2024 Cyber Security Associates Ltd - All Rights Reserved | All Logos and Trademarks are © or ™ of there respective owners