Case Study
Achieving Cyber Essentials Plus Certification for a Yorkshire Financial Services Firm

The Challenge
A Yorkshire-based financial services firm with 12 remote employees came to Cactus IT with a concern that many businesses in their sector were beginning to face: evolving cyber security regulations. The financial services industry was introducing new cyber security requirements, and the firm needed to understand what compliance meant for their business. With all staff working remotely, they faced additional complexity in securing their infrastructure and demonstrating adherence to industry standards. As an existing support customer, they trusted us to provide honest, practical advice rather than simply selling them the most expensive solution. They needed guidance on what was actually necessary, not what was theoretically ideal.
Our Recommendation
After reviewing their circumstances, we recommended pursuing Cyber Essentials Plus certification – the UK Government’s recognised standard for cyber security. This wasn’t the easiest path, but it was the right one. Cyber Essentials Plus would not only satisfy their industry’s regulatory requirements but also provide assurance to their clients that their data and systems were properly protected. The certification is demanding. It requires organisations to demonstrate robust security controls across five key areas: firewalls, secure configuration, user access control, malware protection, and security update management. The “Plus” designation involves hands-on technical verification by independent auditors, not just self-assessment. The customer agreed it was a proportionate approach and asked us to guide them through the process.
Working Towards Certification
Achieving Cyber Essentials Plus isn’t just about ticking boxes – it requires genuine security improvements and comprehensive documentation.
Policy and Configuration Review
We worked closely with the firm to ensure all required security policies were in place and properly documented. This included acceptable use policies, password requirements, remote working guidelines, and incident response procedures. We then reviewed their entire technical infrastructure against the certification requirements. Every device, every security control, every configuration setting needed to meet the standard.
Technical Implementation
Where gaps existed, we implemented the necessary improvements. This included strengthening password policies, ensuring security updates were applied consistently across all remote workers’ devices, configuring appropriate access controls, and verifying that malware protection was properly deployed and managed. For a remote workforce, this presented particular challenges. We couldn’t simply walk around an office checking devices – everything needed to be managed, verified, and documented remotely.
Audit Preparation and Support
The third-party audit for Cyber Essentials Plus certification is comprehensive and technically demanding. Auditors conduct hands-on testing of systems, verify configurations, and probe for vulnerabilities. Our technical guidance helped prepare the firm for this scrutiny. We knew what auditors would look for, anticipated their questions, and ensured the evidence was ready to demonstrate compliance.
The Results
The financial services firm successfully achieved Cyber Essentials Plus certification, meeting their industry’s regulatory requirements and providing assurance to their clients. But the benefits extended beyond the certificate itself. The process confirmed that security standards across their network and infrastructure were current, properly configured, and fit for purpose.
They now maintain the certification with our ongoing support, ensuring that as their business evolves and regulations change, their cyber security remains compliant and effective. For a financial services firm handling sensitive client data, Cyber Essentials Plus provides both regulatory compliance and competitive advantage. Clients increasingly expect – and in some cases require – evidence of robust cyber security from the firms they trust with their finances.
Why Cyber Security Standards Matter
This case study demonstrates that cyber security compliance isn’t a burden to be minimised – it’s an opportunity to demonstrate professionalism and protect your business properly.
For regulated industries like financial services, certifications like Cyber Essentials Plus are increasingly non-negotiable. But even for businesses without regulatory requirements, the standards provide a clear framework for implementing security that actually works.
Does your business need to demonstrate cyber security compliance? Contact Cactus IT to discuss Cyber Essentials certification and other security standards.
