BYOD 2.0: Meeting the New Cyber Essentials Requirements

This article has been indexed from The Duo Blog.

Part of Government Communications Headquarters, the National Cyber Security Center (NCSC) recently revised its approach to its Cyber Essentials scheme, with emphasis on how UK firms of all sizes and all sectors must revisit their post-pandemic “Bring Your Own Device” or BYOD policies. Let’s explore what the changes mean and what steps firms should take to ensure they are fully equipped for today’s hybrid work world.

Cast your mind back to 2014. Though it wasn’t so long ago, it may as well be dog years when you consider how much has happened in that time. To keep up with the numerous technical and societal changes that have occurred since the NCSC launched its Cyber Essentials requirement eight years ago, the government agency has made some revisions. 

These changes apply to the use of cloud services, as well as home working, multi-factor authentication, password management and security updates — all of which are of increasing concern in today’s new hybrid world. But one of the biggest changes pertains to its updated BYOD requirement:

“In addition to mobile or remote devices owned by the organization, user-owned devices which access organizational data or services are in scope (native voice and SMS text applications are out of scope alongside multi-factor authentication usage).”

This indicates the NCSC is acknowledging that hybrid work is here to stay and we need a more strategic approach to replace the quick fixes that were hurriedly employed during the pandemic. It’s also led to some publications labeling the change “BYOD 2.0,” because when they say hybrid they don’t just mean a few days at home and a couple in the office.

Of course office/home work is a big part of it, but they also mean the type of device used (personal/corporate/both) and how it is being run (Android, iOS or any number of other operating systems). And it’s a pretty major mindset shift to ensure all of these mix-and-match approaches have the same level of security that user devices had in the past when they were managed through centralized administration that ensured consistency across the organization, aka a “castle and moat” approach to network security.

For the public sector, a Cyber Essentials Certification is often a require

[…]