Project Description

Cyber Security Case Study: Engineering

The client, a long-established engineering business, required a Cyber Security audit and completion of a Cyber Essentials Plus certification in order to meet customer data security requirements. The client was also required to meet industry-specific security standards for a specific contract.

Objectives

  • Perform an audit on the current Cyber Security posture
  • Develop and carry out a plan to obtain Cyber Essentials Plus certification
  • Meet additional contractual security requirements
  • Ensure ongoing compliance through training and adherence to best practice

Challenges

  • Long-standing working practices didn’t include Cyber Security considerations
  • Specialised and bespoke systems that were not amenable to best practice
  • End-user buy-in to changes in processes, software and operations
  • Meeting two different sets of security requirements

Solution

Working with management, we completed a thorough audit of all hardware, software, and systems in scope for both Cyber Essentials and the contractual security requirements. Each item was then evaluated for compliance, with replacement, upgrades, or mitigation applied as needed in order to meet the needs of the specification.

Cyber Security software was deployed across the business to strengthen security and existing controls. Available but previously unused security features, such as 2FA, further strengthened the client’s security.

We also assisted in the drafting and implementation of new processes and handbooks to assist staff with ongoing compliance and training, ensuring Cyber Security was at the core of the business and not simply a checkbox attended to at audit time.

Benefits

Once all updated software, policies, and working practices were rolled out, the client was able to continue servicing existing contracts, and bid for new contracts that had specific cybersecurity requirements.

The benefits extended to the whole business, with all internal and customer data being more secure and harder to attack, providing reassurance to the directors and placing the customer on a more secure footing.