It is recommended to refresh your firewalls every 3 – 5 years. This allows you to benefit from new features and optimise performance, all while staying secure.

Very briefly there are two flavours of the certification you may be aware of, Cyber Essentials and Cyber Essentials Plus. The requirements for both are the same. Cyber Essentials can be self assessed by filling in a questionnaire and Cyber Essentials Plus is a 3rd party audit by a certification body such as Data Connect. A Cyber Essentials Plus auditor runs various tools to to ratify some of the controls and attestations within the submitted Cyber Essentials questionnaire.

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities.

CVSS is owned and managed by FIRST.Org, a US-based non-profit organization, whose mission is to help security incident response teams. Vulnerabilities are scored using this system and scoring is based on some simple metrics which derive a value of between 1-10. Vulnerabilities that score 10 are those considered the most critical and a score of 1 is vulnerabilities to be considered the least critical according to CVSS.

There are actually two version of the CVSS score. CVSS v3 is the latest iteration and takes into account additional metrics that CVSS v1 didn't. The score is based on various metrics such as attack vector, attack complexity and privileges required.

For standards such as PCI and Cyber Essentials these values are taken into account to decide on compliance. Cyber Essentials for example require that an organisation has no critical vulnerabilities over 14 days old for which a patch has been released. Critical generally means a CVSS v3 score of between 7 and 10, but they also consider the metrics.

An early stage of more complex social engineering attacks in which the con artist gains a victim’s trust, typically by creating a backstory that makes them sound trustworthy.