
Prepare for Critical Changes in Cyber Essentials. Don't overlook the importance of MFA.

Cybersecurity standards are evolving rapidly to keep pace with new threats. If your organisation is preparing for the Cyber Essentials assessment, you need to be aware of critical changes coming soon. These updates will affect how assessments are marked and what security measures are expected. For clients supported by Get Cyber Certified, these changes are already reflected in ongoing assessments and guidance. While the official announcement is scheduled for next week, this post will help you prepare for the upcoming changes and explains why implementing Multi-Factor Authentication (MFA) is now more important than ever.


[Image: Cyber Essentials assessment dashboard highlighting MFA setup]

What Are the Upcoming Changes to Cyber Essentials?


The Cyber Essentials scheme is a government-backed certification designed to help organisations protect themselves against common cyber threats. IASME are continually working with the NCSC to implement changes which will tighten the UK's security stance and reduce the risk of Cyber Essentials certified organisations falling foul of cyber crime. The upcoming changes are expected to tighten the requirements and introduce new criteria to improve security standards.


Key Updates to Expect


  • Stricter Verification of Security Controls

Assessors will likely require more detailed evidence of security measures in place, including system configurations and audit logs.


  • Mandatory Multi-Factor Authentication

MFA will likely become a compulsory element for all user accounts that access sensitive systems or data.


  • Enhanced Focus on Patch Management

Organisations must demonstrate timely updates and patching of software to reduce vulnerabilities.


  • Improved Network Security Requirements

Firewalls and network segmentation could be scrutinised more closely to prevent lateral movement by attackers.


  • Clearer Guidance on User Access Controls

Access rights must already be regularly reviewed and limited to the minimum necessary for each role.


These changes aim to raise the baseline security level and reduce the risk of breaches caused by weak controls.


Why Multi-Factor Authentication Is Essential


MFA adds an extra layer of security by requiring users to provide two or more verification factors to gain access. This could be a password plus a code sent to a mobile device or a biometric factor like a fingerprint.


Benefits of MFA for Your Organisation


  • Reduces Risk of Account Compromise

Even if passwords are stolen or guessed, MFA prevents unauthorised access.


  • Protects Sensitive Data

MFA helps safeguard confidential information and critical systems.


  • Meets Compliance Requirements

Many regulations and standards now require MFA as a security control.


  • Builds Customer and Partner Trust

Demonstrating strong security practices reassures stakeholders.


Practical Steps to Implement MFA


  • Identify Critical Systems and Accounts

Start with admin accounts, remote access points, and systems holding sensitive data.


  • Choose the Right MFA Method

Options include authenticator apps, hardware tokens, SMS codes, or biometrics.


  • Train Employees

Provide clear instructions and support to ensure smooth adoption.


  • Monitor and Review

Regularly check MFA logs and update policies as needed.


How Get Cyber Certified Supports Clients Through These Changes


Clients working with Get Cyber Certified have already benefited from early adoption of these new requirements. The team has been marking assessments with the updated criteria and offering tailored advice to meet the new standards.


What This Means for You


  • Early Guidance

Receive expert advice on how to adjust your security controls before the official changes take effect.


  • Assessment Readiness

Ensure your documentation and evidence meet the stricter verification demands.


  • Ongoing Support

Access resources and updates to stay compliant as the cybersecurity landscape evolves.


Preparing Your Organisation for the New Assessment


To be ready for the updated Cyber Essentials assessment, take these steps now:


  • Review Current Security Measures

Check if MFA is enabled on all critical accounts and systems.


  • Update Policies and Procedures

Reflect the new requirements in your cybersecurity policies.


  • Conduct Internal Audits

Verify patch management, access controls, and network security align with the upcoming standards.


  • Engage with Your Certification Body

Ask questions and seek clarification on any areas of uncertainty.


  • Train Your Team

Ensure everyone understands their role in maintaining security.


Additional Resources on MFA and Cyber Essentials


For more detailed information on MFA and its role in cybersecurity, refer to our recent blog posts:


  • The necessity of MFA in modern security

  • How to implement MFA effectively in your organisation


These resources provide practical tips and real-world examples to help you strengthen your defences.



 
 
 
