Cyber Essentials Plus Malware Protection Control Requirement

Let's take a look at the malware protection technical control required to pass Cyber Essentials Plus.

Written by: David Henderson on Jan 04, 2023

Cyber Essentials Plus helps your organisation better prepare itself against the most common cyber attacks. It helps improve cybersecurity posture, build trust with stakeholders, and aid resilience against evolving cyber threats.

Malware protection is a key ingredient in helping to safeguard any organisation against unwanted cyber activity. It is also one of the 5 key controls required under Cyber Essentials Plus certification.

In this article, we look at what malware protection is and what level of protection is required to pass Cyber Essentials Plus.

What is Malware Protection?

Malware encompasses a wide range of malicious programs, including viruses, worms, Trojans, ransomware, spyware, adware and many more. Malware protection is the practice of protecting a device or network against such malicious programs.

The objective is to prevent, detect, and mitigate the impact of malware infections on an organisation's devices, systems, networks or data. This control is vital in safeguarding against cyber threats, as malware can cause significant damage, disrupt business operations, compromise sensitive information, and lead to financial or reputational losses.

You can largely avoid the potential for harm from malware by:

  • Detecting and disabling malware before it causes harm (anti-malware)
  • Executing only software that you know to be worthy of trust (whitelisting)
  • Executing untrusted software in an environment that controls access to other data (sandboxing)

Cyber Essentials Plus Requirement for Malware Protection

Organisations undergoing certification to Cyber Essentials Plus must have adequate malware protection on devices within the scope of the control. This includes desktop computers, laptop computers, tablets and mobile phones.

Each device outlined above must use at least one of the three mechanisms listed below:

Anti-malware Software

  • The software (and all associated malware signature files) must be kept up to date, with signature files updated at least daily. This may be achieved through automated updates, or with a centrally managed deployment.
  • The software must be configured to scan files automatically upon access. This includes when files are downloaded and opened, and when they are accessed from a network folder.
  • The software must scan web pages automatically when they are accessed through a web browser (whether by other software or by the browser itself).
  • The software must prevent connections to malicious websites on the Internet (by means of blacklisting, for example) — unless there is a clear, documented business need and the Applicant understands and accepts the associated risk.

Application Whitelisting

  • Only approved applications, restricted by code signing, are allowed to execute on devices. The Applicant must:
    • Actively approve such applications before deploying them to devices
    • Maintain a current list of approved applications
  • Users must not be able to install any application that is unsigned or has an invalid signature.

Application Sandboxing

  • All code of unknown origin must be run within a ‘sandbox’ that prevents access to other resources unless permission is explicitly granted by the user. This includes:
    • Other sandboxed applications
    • Data stores, such as those holding documents and photos
    • Sensitive peripherals, such as the camera, microphone and GPS
    • Local network access
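
The following Python check is an added example, not taken from the article or from the scheme's own tooling. It applies the "at least one of the three mechanisms" rule above to device records and reports which sub-requirements are unmet; the record layout, field names and sample devices are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_SIGNATURE_AGE = timedelta(days=1)  # signature files updated at least daily

def anti_malware_gaps(cfg, now):
    gaps = []
    if now - datetime.fromisoformat(cfg["signatures_updated"]) > MAX_SIGNATURE_AGE:
        gaps.append("signatures older than one day")
    if not cfg.get("on_access_scan"):
        gaps.append("on-access file scanning off")
    if not cfg.get("web_page_scan"):
        gaps.append("web page scanning off")
    # Site blocking may be off only with a documented, risk-accepted business need.
    if not (cfg.get("blocks_malicious_sites") or cfg.get("documented_exception")):
        gaps.append("malicious-site blocking off, no documented exception")
    return gaps

def whitelisting_gaps(cfg, now):
    required = ("code_signing_enforced", "apps_approved_before_deploy",
                "approved_list_current", "unsigned_install_blocked")
    return [f"{key} not met" for key in required if not cfg.get(key)]

def sandboxing_gaps(cfg, now):
    # Resources the sandbox must deny unless the user explicitly grants permission.
    resources = ("other_sandboxed_apps", "data_stores", "sensitive_peripherals", "local_network")
    denied = cfg.get("denied_by_default", [])
    return [f"{r} reachable without user permission" for r in resources if r not in denied]

MECHANISMS = {"anti_malware": anti_malware_gaps, "whitelisting": whitelisting_gaps,
              "sandboxing": sandboxing_gaps}

def evaluate(device, now):
    """Return (passing mechanisms, gaps per configured mechanism); one pass is enough."""
    gaps = {name: check(device[name], now)
            for name, check in MECHANISMS.items() if device.get(name)}
    return sorted(name for name, found in gaps.items() if not found), gaps

# Constructed sample records; field names are assumptions, not a real export format.
NOW = datetime(2023, 1, 4, 12, 0, tzinfo=timezone.utc)
DEVICES = {
    "laptop-01": {"anti_malware": {"signatures_updated": "2023-01-04T03:00:00+00:00",
                                   "on_access_scan": True, "web_page_scan": True,
                                   "blocks_malicious_sites": True}},
    "desktop-07": {"anti_malware": {"signatures_updated": "2023-01-01T03:00:00+00:00",
                                    "on_access_scan": True, "web_page_scan": False,
                                    "blocks_malicious_sites": True}},
    "phone-12": {"sandboxing": {"denied_by_default": ["other_sandboxed_apps", "data_stores",
                                                      "sensitive_peripherals", "local_network"]}},
}
```

A device with an empty list of passing mechanisms fails the control; the per-mechanism gaps show what to remediate.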
