Cyber Essentials (CE) is a government-backed cyber security certification scheme that sets out a baseline of cyber security suitable for all organisations. The scheme’s five security controls can prevent “around 80% of cyber attacks”. The certification is a valuable indicator that the organisation has taken the necessary measures to bolster cyber security and reduce the risk of a cyber attack.
What did we do?
We worked closely with the company on their Cyber Essentials Self-Assessment to identify the answers from their environment, and to recommend policies and procedures that they needed to implement to pass the self-assessment. This was passed with only 1 minor non-compliance.
To achieve Cyber Essentials Plus, we had to perform a vulnerability assessment and security review of the company's infrastructure. This required on-site visits to run the software and assess the workstations in the office.
What did we uncover?
During the initial scans, we flagged multiple issues which the company was not aware of. These included workstations which were not fully up to date with Windows updates, and out-of-date software still in use on various machines.
The Cyber Essentials Plus standard mandates that all software must be up to date and supported by the manufacturer. All updates must be installed within 30 days of release. If this is not done, it is an instant failure point.
We worked regularly with the company to ensure that remedial actions were performed and would be compliant with the CE standard. The company was certified within 2 weeks of passing their Self-Assessment.