Cyber Essentials Security Policy

  1. Introduction

As part of Ascot Design Consultancy’s commitment to protecting our business, clients, and employees, we have implemented the Cyber Essentials framework. Cyber Essentials is a government-backed scheme that helps organizations safeguard against common online threats. This document outlines our approach to achieving the Cyber Essentials certification, including the security measures we have in place to protect our information technology (IT) infrastructure.

  2. Scope of the Cyber Essentials Implementation

This policy applies to all staff, contractors, and third parties who have access to Ascot Design Consultancy’s IT systems, networks, and data. The following systems are included in the scope of this policy:

  • Desktops and laptops used by staff
  • Office network infrastructure (routers, switches, firewalls, etc.)
  • Email systems
  • Cloud-based file storage and collaboration platforms (e.g., Google Drive, Microsoft OneDrive)
  • Remote access tools and systems

  3. The Five Key Cyber Essentials Controls

Cyber Essentials identifies five key areas for securing an organization’s IT systems. Ascot Design Consultancy has implemented the following measures to ensure compliance with the scheme:

  3.1. Secure Configuration
  • Device Hardening: All computers, laptops, and servers used by Ascot Design Consultancy are configured securely. Unnecessary software and services are removed, and default settings are adjusted to minimize security risks.
  • Operating System and Software Updates: We ensure that all operating systems and applications are kept up to date with the latest security patches. Automatic updates are enabled where possible to ensure that vulnerabilities are addressed promptly.
  • User Accounts and Permissions: Only authorized users have access to specific systems and data. User accounts are configured with the minimum level of access required to perform job functions. Administrative privileges are restricted to authorized IT staff.
  3.2. Boundary Firewalls and Internet Gateways
  • Firewall Protection: Ascot Design Consultancy uses firewalls to protect our network from unauthorized external access. All incoming and outgoing traffic is filtered through these firewalls to prevent malicious activities.
  • Web Filtering: We employ web filtering software to block access to known malicious websites and to prevent the downloading of harmful content.
  3.3. Access Control
  • Strong Authentication: Employees and contractors access systems using strong, unique passwords. Where possible, multi-factor authentication (MFA) is implemented to add an additional layer of security.
  • User Privileges: Access to sensitive data and systems is restricted to only those who need it for their job role. This includes design files, project data, and client information. Access reviews are conducted regularly.
  • Remote Access Security: Remote workers use secure VPN connections to access internal systems and files. This ensures encrypted communication and prevents unauthorized access.
  3.4. Malware Protection
  • Antivirus and Anti-Malware Software: All devices used by Ascot Design Consultancy are equipped with up-to-date antivirus and anti-malware software. These tools are configured to run regular scans and automatically update with the latest virus definitions.
  • Malware Detection and Response: Any detected malware or suspicious activity is reported to the IT team immediately. We have procedures in place to quickly isolate and neutralize any threats.
  3.5. Patch Management
  • Patch Management Process: Ascot Design Consultancy follows a structured approach to applying patches and updates for all software and hardware devices. This ensures that any security vulnerabilities are addressed in a timely manner.
  • Automated Updates: Where possible, we enable automatic updates for operating systems, software applications, and security patches to reduce the risk of exploitation by cybercriminals.

  4. Responsibilities

All employees of Ascot Design Consultancy are responsible for adhering to the Cyber Essentials policies and practices. Key responsibilities include:

  • Employee Awareness: All staff receive regular training on cybersecurity best practices, including how to recognize phishing emails, the importance of password security, and how to report potential security incidents.
  • IT Team Responsibilities: The IT team is responsible for the implementation, monitoring, and maintenance of security controls. This includes ensuring that firewalls, antivirus software, and patch management systems are regularly updated and functioning correctly.

  5. Incident Response Plan

Ascot Design Consultancy has established an incident response plan that is activated in the event of a security breach or cyber attack. This plan includes:

  • Identifying and isolating affected systems
  • Investigating the source and impact of the breach
  • Notifying affected parties, including clients if their data is at risk
  • Taking corrective actions to prevent future incidents
  • Documenting the incident for review and compliance purposes

  6. Continuous Improvement

We are committed to continuously improving our cybersecurity practices. This includes:

  • Regularly reviewing and updating security measures
  • Monitoring for emerging cyber threats
  • Encouraging staff feedback on cybersecurity issues
  • Conducting periodic internal security audits

  7. Conclusion

By following the Cyber Essentials framework, Ascot Design Consultancy aims to protect our clients’ sensitive data, ensure the integrity of our project designs, and maintain a secure working environment for all employees. We will continue to review and improve our cybersecurity policies and procedures in order to mitigate risks and ensure compliance with best practices.