Net Defence Black Logo

Cyber Resilience

Protect your business from cyber risk.

View Services

IT Support

Manage your technology infrastructure.

View Services

Telephony

Keep your organisation connected.

View Services

Net Defence

Give your organisation the very best in protection, connectivity & support.
Speak to a specialist today

Take Control

Home / Insights / Cyber resilience: 12 key controls

Cyber resilience: 12 key controls

Profile picture

John Hay

Head of Cyber Resilience

Cyber Resilience 7th January 2023

Cyber resilience: 12 key controls

Cyber resilience is an approach that brings together business continuity, information and communication systems security and organisational resilience together.

Ultimately, it is your ability to continue to operate should you suffer a cyber event, such as a cyberattack or a natural disaster.

As part of cyber resilience, there are 12 key cyber hygiene controls that you should consider adopting today. These have long been established and considered best practices for many years.

More recently, insurers are asking you to demonstrate your compliance with these controls. Your inability to demonstrate this can potentially impact your ability to obtain, or renew insurance, or it can result in reduced coverage.

The 12 Controls:

Multifactor authentication

  • Additional electronic authentication, combined with your username and password.
  • A passcode, generated by an application or shared via SMS, email or app.

End point detection & response (EDR)

  • Endpoints are the entry point for almost all types of malicious attacks on your infrastructure.
  • EDR is a solution that continuously monitors detects and responds to attacks on end-point devices e.g., anti-virus software.

Backup & recovery

  • Secure, encrypted backups, are stored in a separate and secure location.
  • Tested (monthly) for successful recovery from your backup.

Privileged access management (PAM)

  • An information security mechanism that safeguards and controls identities with special access or capabilities beyond regular users.
  • Runs on the principle of “least privilege” or “zero trust”, ensuring users only have the access they need to do their job.

Logging and monitoring

  • Continuous monitoring will allow you to detect a cyber attack on time. Software and applications are used to identify unusual or malicious activity on your network and notify you in real time, and some solutions can take action without human intervention.

Email filtering & web security

  • Scanning of inbound and outbound emails for undesired content, categorising (e.g., spam, junk, virus, and malware) and taking specific actions (e.g., block, delete, move to junk).
  • Web filtering is restricting access to certain websites or those that have malicious content.
  • Managed through software-based technology, or by using specialist hardware.

Patch & vulnerability management

  • Vulnerability management refers to the process of discovering, identifying, cataloguing, remediating, and mitigating vulnerabilities found in software or hardware to prevent exploitation.
  • Patch management refers to the process of identifying, testing, deploying, and verifying patches for operating systems and applications found on devices to increase your security and prevent exploitation.

Cyber incident response planning & testing

  • Incident response is a term used to describe the process by which an organisation handles a data breach or cyberattack, including the way the organisation attempts to manage the consequences of the attack or breach.
  • This is part of your business continuity planning and your disaster recovery plan and should involve the entire organisation and not just IT.

Cyber security awareness training and phishing testing

  • Cyber security Awareness Training: your employees are your best line of defence if your IT systems don’t stop the threat, educate them to help prevent attacks
  • Simulated phishing attacks to regularly test and educate your employees.

Hardening techniques including remote desktop protocol (RDP)

  • Hardening is a process to reduce means of attack by taking specific actions e.g. turning off nonessential services and connections.
  • Remote desktop protocol (RDP) enables users to remotely access your network. This should be shut down and replaced with more secure solutions where possible.

End-of-life management

  • Protocols and processes to ensure that when hardware and software that is no longer maintained or supported it is removed/replaced.
  • When hardware and software are not maintained they are no longer tested for security vulnerabilities, leaving these devices open to exploitation.

Vendor/digital supply chain risk management

  • Processes to identify, assess and mitigate risk in your end-to-end supply chain with the intention to prevent issues and loss mitigation if issues do occur.
  • Cybercriminals are known to attack a selected target via their supply chain when they have been unsuccessful in a direct attack.

Whether you need insurance or not, ensuring your organisation has the 12 controls in place it the best way to improve your cyber security posture and resilience.

When combined, the IASME Cyber Essentials Plus and Cyber Assurance Level 2 certifications address these controls, ensuring they are in place, and giving you the ability to demonstrate your compliance with them.

Further reading:

Incoming changes to Cyber Essentials and Cyber Essentials Plus requirements

Cyber Resilience 17th January 2025

Incoming changes to Cyber Essentials and Cyber Essentials Plus requirements

From the 28th of April 2025, there will be several requirement changes to the Cyber Essentials and Cyber Essentials Plus certifications. Read on to find out how this may impact your business.

Read more

Yippee-ki-yay cyber criminals!

Cyber Resilience 11th December 2024

Yippee-ki-yay cyber criminals!

Learn how to protect your digital assets from cyber threats, just like John McClane protects Nakatomi Plaza.

Read more

Black Fridays dark side: Shop safe, not sorry

Cyber Resilience 29th November 2024

Black Fridays dark side: Shop safe, not sorry

Black Friday and Cyber Monday have become highlights of the shopping calendar, with consumers worldwide eager to take advantage of discounts and secure the best deals for festive gifts. However, this surge in online purchasing activity has also presented a prime opportunity for scammers.

Read more

Remote working = leaving the door open to cyber threats?

Cyber Resilience 11th November 2024

Remote working = leaving the door open to cyber threats?

Remote work has revolutionised how we work, but it also introduces new cyber security risks. We look at how to protect your remote workers, business, and data from cyber attacks using the essential tips outlined in this blog post.

Read more

NCSC’s Early Warning Service

Cyber Resilience 30th August 2024

NCSC’s Early Warning Service

The impact of NCSC’s Early Warning Service Early Warning Service is tangible, offering peace of mind to hundreds of organisations across the UK by alerting them to active malware, vulnerabilities, and potential compromises within their networks.

Read more

DMARC: The Essential Guide to Email Authentication and Security

Cyber Resilience 13th August 2024

DMARC: The Essential Guide to Email Authentication and Security

We explore DMARC, an email authentication protocol that can help protect your organisation and individuals from cyber attacks such as email spoofing, phishing, and other fraudulent activities.

Read more

Defence, protection, security. We've got you covered.

Whether you need to enhance your approach to cyber threats, overhaul your IT infrastructure or improve your communications, we’re here to help and advise. Talk to a specialist today and take the next step towards being a stronger, more resilient business.

Speak to us today

Need support? Take Control.

The button below is to be used when instructed by our technical support team. This will allow a file to be downloaded to your device for them to take control and help solve the issues you are having.

ND Take Control

exe · 7.68MB

Please note: only to be used when instructed by a member of our support team. Windows devices only.