Cyber Essentials Malware Protection
What is Malware?
Malware is short for malicious software. It is any software designed to harm a computer, network, or user by disrupting systems, damaging data, stealing information, or gaining unauthorised access without the owner’s knowledge.
Cyber criminals use malware for many different purposes, from spying on activity and stealing credentials to locking files for ransom or spreading further across a network. Common types of malware include viruses, worms, trojans, spyware, adware, and ransomware. While they work in different ways, they all pose a serious risk to your organisation’s systems, data, and day-to-day operations.
If malware infects a device, the impact can include system outages, poor performance, data loss, unauthorised access, and hidden infections that continue spreading before they are discovered.
How does Malware get onto my device?
One of the most common ways malware reaches a device is through phishing. This usually happens when an email appears to come from a trusted source, such as a bank, supplier, or recognised organisation, and encourages the user to click a link or open an attachment. If they do, malicious software may be downloaded or installed.
Using a standard user account rather than an administrator account can help reduce this risk. In many cases, malware needs administrator privileges to install fully or make deeper changes to a system, so limiting access can provide an important extra layer of protection.
Other common routes of infection include clicking malicious adverts or pop-ups, downloading software from untrusted sources, and opening infected files from removable media such as USB sticks.
Cyber Essentials: Malware Protection
Cyber Essentials is designed to help organisations reduce the risk of malware by putting practical, effective controls in place. The goal is to stop known malware and untrusted software from running and causing harm.
There are two main approaches:
Anti-malware helps detect, block, quarantine, or remove malicious software before it can damage systems or data. This can include well-known endpoint protection products as well as built-in protections such as Windows Defender or macOS XProtect.
Allow listing helps ensure that only trusted and approved software is able to run on a device. This reduces the chance of unknown, unauthorised, or malicious applications being executed.
Together, these controls help protect your users, devices, and data from common malware threats.
Anti-malware Software Requirements
Where anti-malware software is used, Cyber Essentials expects it to be properly configured and actively maintained. In practice, this means the software must be kept up to date, and if it is signature-based, its signature files must be updated at least daily.
It must also be configured to scan files automatically when they are accessed, including when files are downloaded, opened, or accessed from a network location. Web pages should also be scanned automatically when accessed through a browser, and the software should help prevent connections to known malicious websites.
In simple terms, anti-malware should not just sit on the device. It should be active, current, and configured to stop threats before they can take hold.
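One way to check these points on a Windows device that relies on Microsoft Defender, as an added example that is not part of the Cyber Essentials scheme or its tooling. The function name, the 24-hour threshold used for "at least daily", and the mapping of each Defender property to a requirement are assumptions made for illustration.

```powershell
# Added example: report whether Microsoft Defender is active, current and
# scanning on access. Function name and requirement mapping are assumptions.
function Test-DefenderBaseline {
    param(
        # Passed as parameters so the check can also be run against
        # exported status data rather than only the live machine.
        $Status     = (Get-MpComputerStatus),
        $Preference = (Get-MpPreference),
        [datetime]$Now = (Get-Date)
    )

    # A missing timestamp means no signatures are loaded: treat as a failure.
    $lastUpdate = $Status.AntivirusSignatureLastUpdated
    $sigFresh   = [bool]($lastUpdate -and (($Now - $lastUpdate).TotalHours -le 24))

    $checks = [ordered]@{
        'Anti-malware engine enabled'          = [bool]$Status.AntivirusEnabled
        'Signatures updated within 24 hours'   = $sigFresh
        'Real-time protection enabled'         = [bool]$Status.RealTimeProtectionEnabled
        'Files scanned when accessed'          = [bool]$Status.OnAccessProtectionEnabled
        'Downloads and attachments scanned'    = [bool]$Status.IoavProtectionEnabled
        # EnableNetworkProtection: 0 = off, 1 = block, 2 = audit only.
        # Audit mode logs but does not prevent the connection, so it fails.
        'Malicious site blocking (block mode)' = ($Preference.EnableNetworkProtection -eq 1)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = $checks[$name] }
    }
}

$results = Test-DefenderBaseline
$results | Format-Table -AutoSize

# List only the failing checks so they can be followed up.
$failed = $results | Where-Object { -not $_.Pass }
if ($failed) {
    Write-Warning ("Failed checks: " + ($failed.Check -join '; '))
}
```

Devices protected by a third-party endpoint product will report Defender as disabled here, so the equivalent settings need to be checked in that product's own console.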
Malware Protection for Mobile Devices
For mobile devices, the focus is slightly different. Cyber Essentials places greater emphasis on controlling which apps can be installed, rather than relying on traditional desktop-style anti-malware.
To meet the requirement, organisations should only allow apps that are application signed and obtained from official app stores or other approved and reputable software sources. In practice, this usually means trusted sources such as Google Play and the Apple App Store, supported by an approved software list maintained by the organisation.
This matters because software from unofficial or questionable sources may be counterfeit, unsupported, unlicensed, or bundled with malware. Using approved sources reduces the risk that harmful code is installed on devices that access organisational data and services.
Why Malware Protection Matters
Effective malware protection is one of the most important parts of Cyber Essentials because it helps prevent attacks before they become incidents. By combining anti-malware controls, trusted software sources, least-privilege access, and where appropriate allow listing, organisations can significantly reduce the likelihood of malware infection and limit the damage if an attack is attempted.