The Company: A UK-based software development firm
Team Size: 50 employees
Established: In 2018
A software development company faced a question that’s becoming all too common: How do they start protecting themselves from cyber-risks?
This story is about their journey from confusion to clarity in Cyber Security, a journey marked by the pursuit of Cyber Essentials and Cyber Essentials Plus certification with guidance from Equilibrium Security.
The Challenge: Taking the First Step in Cyber Security
Engaged in projects for the public sector, this team knew they had to up their game in Cyber Security. But where to begin? It seemed like a maze of complex solutions and heavy-duty commitments, like ISO 27001, which felt like overkill for their needs. They needed a simpler, yet effective starting line.
Choosing Cyber Essentials: Making Sense of the Chaos
That’s when they decided to go for the Cyber Essentials certification. It was like finding a straightforward path in a dense forest.
This certification wasn’t about big, scary changes but about getting the basics right – a perfect fit for their immediate needs.
Guided by Equilibrium Security: A Trusted Cyber Essentials Certification Body
When the software development company saw all the good things people were saying about our Cyber Essentials expertise in our Google reviews, they knew they were making the right choice.
Equilibrium Security stepped in, not with a bunch of technical jargon, but with real talk and practical advice. We showed the team that this wasn’t just a one-off tick-box exercise, but the beginning of a longer journey in keeping their digital world safe.
Implementing Fundamental Cyber Security Controls
Their team got down to business, focussing on five key areas:
- Building a Strong Fence: They beefed up their firewalls and internet gateways, setting up strong defences against outside threats.
- Getting the Setup Just Right: They tweaked their systems, making sure everything was set up securely without throwing a wrench in their daily work.
- Who Gets the Keys: They tightened up on who had access to what, making sure only the right people could get to sensitive data.
- Battling the Bugs: They ramped up their fight against malware, keeping their systems clean and secure.
- Staying on Top of Updates: They made sure to regularly update their systems, closing off any back doors that could be used to sneak in.
The Certification Experience
Getting certified with Cyber Essentials was a two-part story:
Cyber Essentials basic:
The first step involved tackling a comprehensive set of 70 questions. This self-assessment went beyond being just a routine checklist; it involved a thorough exploration into the finer details of their Cyber Security practices.
Cyber Essentials Plus certification:
During the initial Cyber Essentials phase, the company had filled out the 70-question self-assessment, reflecting on their Cyber Security practices. But now, with Cyber Essentials Plus, it was time to put all those claims to the test. This wasn’t about just reiterating what was on paper; it was about proving it.
- Discovering security holes: Equilibrium, conducting a thorough remote assessment, took on the role of a verifier. We went through each point the company had self-reported, validating every detail with security checks and scans. In this process, we uncovered several security issues that the company hadn't initially spotted.
- A collaborative effort: But we didn’t just point out the problems; we helped them fully understand these vulnerabilities. Together, we worked on understanding the risks and developing solutions to fix them. It was a collaborative effort to patch up the weak spots in their cyber defence.
- The rescan: Once they addressed these issues, we conducted a rescan. This was the moment of truth, checking if all the fixes and updates were effective.
- Security success: It worked – the company passed the follow-up check. This showed that their security wasn't just good on paper; it was strong and working effectively in their day-to-day operations.
- Demonstrating defence: They had successfully turned their Cyber Security strategy from a plan on paper into a living, breathing protective shield.
- Celebrating More Than Just a 'Pass': While receiving the 'pass' and being certified for a year was a cause for celebration, what mattered even more was the real-world security it affirmed. The Cyber Essentials Plus assessment went beyond the bounds of a standard compliance exercise; it was a tangible validation of how well the company's Cyber Security practices stood up in the real world.
Equilibrium Security and Cyber Security Essentials: Building a more secure future
The company’s journey extended beyond just the Cyber Essentials scheme. It steered them towards considering Equilibrium’s penetration testing services to enhance the security of their software during the development stage.
They also realised the need for frequent vulnerability scans to continuously tackle security weaknesses, rather than just relying on the yearly Cyber Essentials assessment.
For this software development company, UK Cyber Essentials and Cyber Essentials Plus were more than a first step. They were a critical move that made the often-overwhelming world of Cyber Security approachable and manageable. Their story is a lesson on the importance of starting with the basics, especially for businesses stepping into the complex world of Cyber Security for the first time.