Cyphra helped a legal firm through the Cyber Essentials+ Certification to both improve their security posture and to demonstrate to their clients that they adequately protect the data on their IT systems.

Challenge:

This legal firm understood that they needed to have appropriate cyber security controls in place to be able to demonstrate to their clients and regulatory bodies that they were adequately protecting the data on their IT systems. They decided that using the Government’s Cyber Essentials Plus scheme would provide a suitable level of externally audited assurance over their key security controls. Successful accreditation against Cyber Essential Plus demonstrates that a number of key information security controls are in place as it involves a series of technical tests to be completed of an organisation’s network and computers by independent professionals. They were not familiar with the requirements of the standard and felt that they would need assistance to understand the process and assess their readiness to apply for certification.

Solution:

Cyphra were selected to provide the advice and guidance in preparation for certification as a Cyber Essentials Certification body. A Cyphra consultant worked closely with the organisation to initially understand their IT environment and the status of their key security controls. The key basic control areas examined are:

  • Securing the Internet connection.
  • Securing devices and software.
  • Controlling access to data and services.
  • Protection from viruses and other malware.
  • Keeping devices and software up to date.

Cyphra advised the organisation of the control improvements that they needed to put in place. Once they had implemented these improvements the consultant worked through a pre-certification assessment to ensure that they had addressed the issues adequately. Finally, Cyphra conducted the CE+ assessment and network testing. 

Outcome:

The organisation successfully passed their audit and achieved Cyber Essentials Plus certification. Certification has made the organisation make improvements to their security controls which has reduced their exposure to the risk of cyber threats. It also means they are able to reassure their clients that they take cyber security seriously and their clients can verify this against the online Directory of organisations awarded Cyber Essentials.

Secure your business

Let’s discuss how we can help you.