Why a Merseyside-based Law Firm received a £60,000 penalty notice following a Cyber Attack
Introduction On 16th April 2025, a penalty notice for £60,000 was released by the Information Commissioner’s Office (ICO). This followed an investigation of a security incident that took place in June 2022 at a Merseyside-based law firm. This penalty notice is important to understand as it can help us prevent similar incidents and also learn […]
How a Cyber Security Incident Led to a £3 million Penalty, and Over £21 million in Recovery Costs
Introduction On 26th March 2025, a penalty notice for over £3 million was released by the Information Commissioner’s Office (ICO). This followed an investigation of a security incident that started on 22nd August 2022, with final recovery actions taking place on 23rd May 2023 and impacted services such as NHS 111 and NHS Trusts. […]
Cyber Essentials Plus: Account Separation
Introduction Cyber Essentials Plus (Level Two) is a technical audit that demonstrates protections are in place to guard against the most common forms of cyberattacks. Here, we focus on account separation checks, explaining why these tests are carried out, the benefits, what to expect, and how we help. Aim of Account Separation Testing […]
Cyber Essentials Plus: Multi-factor Authentication
Introduction Cyber Essentials Plus (Level Two) is a technical audit that demonstrates protections are in place to guard against the most common forms of cyberattacks. Here, we focus on multi-factor authentication and account separation checks, explaining why these tests are carried out, the benefits, what to expect, and how we help. Aim of […]
Cyber Essentials Plus: Malicious Software Protection
Introduction Cyber Essentials Plus (Level Two) involves tests to determine whether an internet-based attacker can hack into systems. This article focuses on the malicious software checks that are carried out via email and internet browsing. Here, we look into why these tests are done, the benefits, what to expect, and how we help. […]
Cyber Essentials Plus: Vulnerability Assessments
Introduction Cyber Essentials Plus (Level Two) is a technical audit to demonstrate that protections are in place, guarding against common forms of cyberattacks. This article takes a deeper dive into the vulnerability assessments and patching checks. We shine a light on these to help show why that testing is carried out, the benefits, what to […]
Cyber Essentials Plus: Missing Security Patches
Introduction With the pace of technology accelerating, staying on top of security vulnerabilities is crucial for organisations of all sizes. Security updates are released on a regular basis, aimed at reducing risk and closing system weaknesses. Cyber criminals are constantly looking to exploit weaknesses for nefarious gain, so a holistic approach to applying security […]
Cyber Essentials: User Access Control
Introduction User access control is a fundamental aspect of Cyber Essentials, ensuring that only authorised individuals have access to sensitive systems and data. Effective access control measures significantly reduce the risk of data breaches and cyber attacks by limiting unnecessary exposure to critical information. Here, we explore the importance of user access control, why it’s […]
Cyber Essentials: Security Updates
Introduction Keeping devices secure with vendor-provided updates is key for cyber security best practice. It helps prevent unauthorised access and helps keep devices safe from harm. Whether pursuing Cyber Essentials, Cyber Essentials Plus, or just looking to be secure, applying security updates is a crucial step. Why Security Updates Are Important Devices that run […]
Cyber Essentials: Secure Configuration
Introduction Having securely configured devices is a key component of cyber security best practice. This reduces risk and aims to ensure devices are not vulnerable to attack. Whether an organisation is pursuing Cyber Essentials, Cyber Essentials Plus, or just looking to be secure, having a secure configuration for devices is a crucial step. Why […]
