Cyber Essentials Plus: Fixing Windows Unquoted Service Path Vulnerability
Introduction As cyber threats continue to evolve, known weaknesses must be addressed quickly to avoid breaches, data loss, and ransomware attacks. Cyber Essentials Plus testing is aimed at identifying such weaknesses and can highlight configuration issues that should be fixed. One example of this is the “Windows unquoted/trusted service paths privilege escalation security issue” vulnerability […]
Cyber Essentials: Free Cyber Liability Insurance
Introduction From phishing attacks to ransomware, threat actors constantly evolve their tactics. This leaves organisations vulnerable to operational, financial, and reputational damage. If you’re looking for a way to safeguard against these risks, the Cyber Essentials scheme offers a simple and effective solution. For added peace of mind, eligible organisations can opt in for […]
Why a Merseyside-based Law Firm received a £60,000 penalty notice following a Cyber Attack
Introduction On 16th April 2025, a penalty notice for £60,000 was released by the Information Commissioner’s Office (ICO). This followed an investigation of a security incident that took place in June 2022 at a Merseyside-based law firm. This penalty notice is important to understand as it can help us prevent similar incidents and also […]
Cyber Essentials Plus: Account Separation
Introduction Cyber Essentials Plus (Level Two) is a technical audit that demonstrates protections are in place to guard against the most common forms of cyberattacks. Here, we focus on account separation checks, explaining why these tests are carried out, the benefits, what to expect, and how we help. Aim of Account Separation Testing […]
Cyber Essentials Plus: Multi-factor Authentication
Introduction Cyber Essentials Plus (Level Two) is a technical audit that demonstrates protections are in place to guard against the most common forms of cyberattacks. Here, we focus on multi-factor authentication and account separation checks, explaining why these tests are carried out, the benefits, what to expect, and how we help. Aim of […]
Cyber Essentials Plus: Malicious Software Protection
Introduction Cyber Essentials Plus (Level Two) involves tests to determine whether an internet-based attacker can hack into systems. This article focuses on the malicious software checks that are carried out via email and internet browsing. Here, we look into why these tests are done, the benefits, what to expect, and how we help. […]
Cyber Essentials Plus: Vulnerability Assessments
Introduction Cyber Essentials Plus (Level Two) is a technical audit to demonstrate that protections are in place, guarding against common forms of cyberattacks. This article takes a deeper dive into the vulnerability assessments and patching checks. We shine a light on these to help show why that testing is carried out, the benefits, what to […]
Cyber Essentials Plus: Missing Security Patches
Introduction With the pace of technology accelerating, staying on top of security vulnerabilities is crucial for organisations of all sizes. Security updates are released on a regular basis, aimed at reducing risk and closing system weaknesses. Cyber criminals are constantly looking to exploit weaknesses for nefarious gain, so a holistic approach to applying security patches […]
Cyber Essentials Plus: Windows SMB Version 1 (SMBv1) Detected
Introduction With cyber threats constantly evolving, staying ahead of vulnerabilities is crucial. One significant, yet long-standing vulnerability relates to Windows Server Message Block Version 1 (SMBv1). This outdated protocol allows attackers to gain unauthorised access to systems, posing a serious risk to security. Cybercriminals can use this weakness to infiltrate your network, steal sensitive […]
Cyber Essentials Plus: WinVerifyTrust Vulnerability
Introduction With cyber based threats evolving at an unprecedented pace, one (long-standing) vulnerability that continues to demand attention is WinVerifyTrust. This allows cybercriminals to cause damage by installing malicious software in files and disguise it as a ‘trusted software update”. By addressing this flaw, unauthorised access can be prevented, along with data breaches and […]