Cyber Essentials Compliance
A large solicitors firm approached us, wanting to better understand their current cyber security status and to achieve the UK Government backed Cyber Essentials security certification. With multiple offices situated in the South West, there was a lot to review, and we’d need to work closely with the on-site IT team to better understand their current processes and infrastructure.
From speaking directly to the internal IT team, running vulnerability tools across multiple offices, and manually reviewing configurations, it was identified that various core equipment was no longer supported by the manufacturer. This meant that they were no longer receiving security patches and their core equipment would need to be replaced to meet the Cyber Essentials standard to achieve security best practice.
Whilst some of the estate was actively being patched, it was also identified that some core areas of the infrastructure were not receiving the same level of attention. Collaborating with the internal IT team to better understand their critical services, backup routines and working hours, we were able to implement an automated schedule of patching that jelled with the business, whilst ensuring we hit our targets for Cyber Essentials compliance.
Having implemented the various solutions we advised, the organisation successfully passed the Cyber Essentials Plus certification, which involved a third-party auditor attending site to verify they were indeed operating to the required standard. We now actively manage the security estate for this organisation, ensuring they are compliant with the Cyber Essentials security standard all year round.
The internal IT team and key stakeholders now also have constant access to our systems which provide them with a key insight to the security status of their IT systems at any time.