Client type: Data Management

Delivery type: Full delivery of compliance by Cyber Tec
Size of company: 30-50 employees
Sector: Government
Threat protection level: Medium

Our client works with several very well-known UK brands and local / central government departments. Through questionnaires and external audits, all of these were asking our client for further information about their security provision, as there was a need to ensure that the data being managed by our client was secure.

Prompted by the external audits and questionnaires, along with general knowledge of ongoing breaches throughout the UK and some knowledge of another organisation that was breached through a user error, our client decided to review their security and to work towards the UK Government standards (in particular the National Cyber Security Centre’s Cyber Essentials, Cyber Essentials Plus and the Top 10 Steps to Improved Cyber Security). They engaged Cyber Tec to review their current posture and work with them to deliver improvements.

Our client was already working with an IT Managed Services provider and understood that Managed IT was not Managed Security. They wanted an external review of their ICT systems and services in relation to security, along with a review of their own processes, to look for weaknesses and unmitigated risks.

Cyber Tec completed a Cyber Essentials Plus with IASME Framework assessment, including GDPR gap analysis and a security review of the organisation, to understand the unmitigated risks that existed within the client’s systems and processes. This identified a number of issues, including:

  • Across the 35 user devices, there were 23 critical, 45 high and 36 medium risk vulnerabilities which were not being addressed through normal Managed IT support delivery.
  • The firewall wasn’t locked down to a level recommended for good cyber security.
  • There was no web filtering in place to prevent end users accidentally accessing known compromised websites, and no SSL-based web access scanning, so any compromised SSL-based site could easily be a source of infection.
  • There was no data map or risk assessment related to data available, so the client wasn’t sure where data was stored, how it arrived, where and indeed who processed it and what happened to it after processing (how could they know what needed protecting).
  • Users didn’t receive even basic security training:
    • There was a lack of understanding about good password practice
    • GDPR had been discussed but no one really understood their part in data management and data security and the requirements of GDPR for them.
    • Users would not be able to easily identify a potential phishing email with no visual cue and no phishing training.
  • Data resided on many devices in an unencrypted state.
  • There was no data retention process in place so data which had been processed and was no longer required was being held indefinitely.
  • Password policy and machine lockout settings weren’t appropriate.

Cyber Tec were asked to remediate all the vulnerabilities and risks, which were addressed through our security team, followed by a further assessment to confirm that all risks had been remediated and no further risks remained.

Our consultants worked with the client to create new policies and processes, bringing the client’s documentation and delivery mechanism up to a level where working securely was a normal day-to-day operation.

Cyber training (including GDPR) was implemented and, along with phishing testing, raised the knowledge of the staff working within the organisation, which itself delivered a Human Firewall to the organisation.

All devices were encrypted, secure email facilities were implemented to ensure that transmission of confidential data was further protected, and all removable media was replaced with encrypted memory sticks.

  • Risks mitigated
  • Policies and processes created
  • Cyber Essentials Certification Achieved
  • Cyber Essentials Plus Certification Achieved
  • Alignment to IASME Framework delivered
  • 10 Steps to Cyber Security Alignment completed
  • Staff Training
  • Data Security and Impact Assessment Completed
  • GDPR alignment / compliance / training


Our Credentials

We are the only Cyber Security Company who can certify your compliance (we are an approved certifying body) and manage your security and risk on an ongoing basis, as well as help you achieve Cyber Essentials, Cyber Essentials Plus and IASME Gold Framework.
