Why a Merseyside-based Law Firm received a £60,000 penalty notice following a Cyber Attack

Introduction On 16th April 2025, a penalty notice for £60,000 was released by the Information Commissioner’s Office (ICO). This followed an investigation of a security incident that took place in June 2022 at a Merseyside-based law firm. This penalty notice is important to understand as it can help us prevent similar incidents and also learn […]
Cyber Essentials Plus: Malicious Software Protection

Introduction Cyber Essentials Plus (Level Two) involves tests to determine whether an internet-based attacker can hack into systems. This article focuses on the malicious software checks that are carried out via email and internet browsing. Here, we look into why these tests are done, the benefits, what to expect, and how we help. […]
Cyber Essentials Plus: Missing Security Patches

Introduction With the pace of technology accelerating, staying on top of security vulnerabilities is crucial for organisations of all sizes. Security updates are released on a regular basis, aimed at reducing risk and closing system weaknesses. Cyber criminals are constantly looking to exploit weaknesses for nefarious gain, so a holistic approach to applying security […]
Cyber Essentials Plus: Windows SMB Version 1 (SMBv1) Detected

Introduction With cyber threats constantly evolving, staying ahead of vulnerabilities is crucial. One significant, yet long-standing vulnerability relates to Windows Server Message Block Version 1 (SMBv1). This outdated protocol allows attackers to gain unauthorised access to systems, posing a serious risk to security. Cybercriminals can use this weakness to infiltrate your network, steal sensitive […]
Cyber Essentials Plus: WinVerifyTrust Vulnerability

Introduction In today’s digital world, cyber threats are evolving at an unprecedented pace. One (long-standing) vulnerability that continues to demand attention is WinVerifyTrust. This allows cybercriminals to cause damage by installing malicious software in files and disguising it as a ‘trusted software update’. By addressing this flaw, unauthorised access can be prevented, along with […]
Cyber Essentials Plus: What Does The Audit Involve?

Introduction Cyber Essentials Plus (Level Two) is a technical audit of IT systems. It’s based on the same technical requirements as Cyber Essentials (Level One) and is a way to verify the controls are in place and operating effectively. It can provide more assurance to organisations regarding the risks associated with internet-based threats. The […]
Cyber Essentials: Can ‘Out of Support’ Software be Used?

Introduction Technical debt and out of support software can be a challenge when considering Cyber Essentials certification. This summary demystifies the topic, with advice, explanation and an example – aimed to help and inform. Out of support software and technical debt There are plenty of examples of organisations needing to retain end of support […]
Cyber Essentials: Malware Protection

Introduction Deploying malicious software (like ransomware) is just one way that cyber criminals can impact organisations and people – having suitable protection in place is key to good cyber security posture. It helps to prevent malicious software from appearing on devices and running – effectively aimed at preventing damage and impact. Here, we explore the […]
Cyber Essentials: Secure Configuration

Introduction Having securely configured devices is a key component of cyber security best practice. This reduces risk and aims to ensure devices are not vulnerable to attack. Whether an organisation is pursuing Cyber Essentials, Cyber Essentials Plus, or just looking to be secure, having a secure configuration for devices is a crucial step. Why […]
NCSC Funded Cyber Essentials Programme: Helping UK Organisations Strengthen Cyber Security

Introduction Cyber threats are an ever-growing concern for businesses, charities, and professionals across the UK. Recognising the need for stronger cybersecurity, the National Cyber Security Centre (NCSC) launched a Funded Cyber Essentials Programme to help organisations enhance their cyber resilience. This government-backed initiative provides funded expert support to eligible organisations, offering 20 hours of consultancy […]