Audit confirms ABPmer cyber safety

Quality Assurance | Company news

Compliance with the Cyber Essentials scheme demonstrates we have taken steps to be fundamentally cyber safe.

Cyber crime costs the UK billions of pounds and causes untold damage to individuals and businesses.⁽¹⁾ However, most cyber attacks are basic in nature, carried out by relatively unskilled individuals.⁽²⁾

The Cyber Essentials certification scheme is part of the UK Government’s National Cyber Security Strategy, providing an independent assessment of the security measures organisations have in place to mitigate risks from internet-borne threats.

Companies holding a Cyber Essentials certification have demonstrated that they have the controls in place to protect against the majority of the most common cyber attacks.

Certification body IASME has renewed ABPmer’s Cyber Essentials certification, providing assurance to our clients, suppliers, employees and other stakeholders that we have taken steps to be fundamentally cyber safe, by embedding information risk management measures in our systems and day-to-day working practices.

To earn the certification, we completed a Cyber Essentials self-assessment, which was externally assessed for compliance with the requirements of the scheme by an accredited Certification Body.

Our certification demonstrates that we have the following technical controls in place:

Firewalls

A boundary firewall is a network device which can help protect against cyber attacks by restricting traffic to services on its network. Every ABPmer device is protected by a correctly configured firewall or equivalent network device, which:

• Requires a secure administrative password that is routinely changed

• Prevents unnecessary internet access to the administrative interface

• Blocks unauthenticated, inbound connections by default

• Adheres to rules approved and documented by an authorised individual

• Does not include permissive rules no longer needed

Secure configuration

Our computers and network devices are properly configured to reduce the level of inherent vulnerabilities. This includes:

• Removal of unnecessary user accounts and software

• Changing default account passwords to secure passwords

• Disabling auto-run features that allow file execution without user authorisation

• Authenticating users before allowing internet access to sensitive or critical data

• Robust password-based authentication controls

User access control

ABPmer staff can only access applications, computers and networks necessary for their role. This requires:

• A user account creation and approval process

• Authentication of users before granting access to applications or devices, using unique credentials

• Removal of user accounts and special access privileges when no longer required

• Two-factor authentication, where available

• Administrative activities performed only by administrative accounts

Malware protection

Execution of known malware and untrusted software is restricted. Each ABPmer device uses at least one of the following malware protection mechanisms:

• Anti-malware software

• Application allow listing (approval process)

• Application sandboxing (virtual containment until permission is granted)

Patch management

No ABPmer device or software is vulnerable to known security issues when fixes are available. We keep software up-to-date by ensuring it is:

• Licensed and supported

• Removed from devices when no longer supported

• Patched within 14 days of an update being released

Learn more about the independent audits and awards that testify to our assurance of quality.

Header photo: iStock.com/KrulUA

REFERENCES

^{(1)^ National Crime Agency}

^{(2)^ National Cyber Security Centre}