As businesses continue to strengthen their cybersecurity posture, it’s important to remain up to date with the ever-growing number of resources and frameworks that can ensure optimal cyber infrastructure is in place.
Exactly four years ago in June 2018, the UK Government released its Minimum Cyber Security Standard (MCSS) in conjunction with the National Cyber Security Centre (NCSC). The framework is the first in a proposed series of technical standards to be developed, aimed at helping businesses benchmark their cyber resilience and develop adequate infrastructure in response to their findings. All government departments and contractors are required to adhere to the standard without exception, however the MCSS is optional (but recommended) to wider businesses.
This week we aim to decode the MCSS, and highlight how it can be utilised to improve your business’ cybersecurity posture.
What does the MCSS framework consist of?
The MCSS framework consists of ten standards grouped into five categories, all of which should be fulfilled or exceed by businesses desiring compliance. These five categories are labelled as such; Identify; Protect; Detect; Respond; and Recover.
Businesses should put in place necessary cyber security governance processes, also businesses identifying and compiling the key operational services they provide. Furthermore, businesses should identify and catalogue sensitive information, continually identifying which users have access to such sensitive information – with continual revision and management.
Access to sensitive data and key operational services must be kept to a minimum, only being provided to identified and authorised system users. Systems which contain said sensitive data and services should be protected from exploitation, and highly privileged accounts must not be vulnerable to common cyber-attacks.
Businesses must have necessary systems and processes in place to detect common cyber-attacks.
Businesses must have a defined, planned and tested response to cyber threats and breaches, especially with regards to incidents impacting upon sensitive information or key operational services.
Businesses will implement well defined and tested processes to ensure business continuity in the event of a failure, compromise or breach.
Why should your business follow the guidance set out in the MCSS?
As the MCSS has been designed to ensure all governmental departments are protected to the highest standard possible in the face of cyberthreats, the advice contained within the framework is hugely beneficial to businesses. In the above definitions a basic introduction to the guidance has been provided; whilst the MCSS document is a short one, the official outlines provided within it go into more depth, providing more specific guidance on the processes to be implemented. For example, businesses are required to implement endpoint protection on mobile phones and encryption on devices – this can be achieved with programmes such as Microsoft Defender, which can be implemented by your MSP.
The guidance has been welcomed by the MSP and cybersecurity industries, allowing businesses to identify weaknesses in their security posture and strengthen their protocols going forward. It is essential to ensure your business is adequately prepared in the face of cyberthreats, with the ability to identify and counter common cyber threats. If an attack were to occur, it is crucial to have data backups available in order to secure business continuity.
If you feel your business needs to re-evaluate its security infrastructure, then our team of cybersecurity experts at Fitzrovia IT are able to help you identify potential weaknesses in your business, bringing your posture in line with government expectations. To find out more about the cybersecurity certifications we offer support with – such as the updated IASME Cyber Essentials Framework – then get in contact our team today.