Professional services firm achieves Cyber Essentials Plus
Reduced security incidents by 90% and achieved certification within 6 months of onboarding.
A London-based professional services firm handling sensitive client data needed to improve their security posture and achieve Cyber Essentials Plus certification to meet client requirements and win new contracts.
Their existing IT provider offered basic break-fix support with no security focus. They had experienced several phishing incidents and were concerned about their exposure to ransomware and data breaches.
Industry
Company size
Timeline
The challenge
What we found when we looked under the hood.
No security controls
Basic antivirus was the only protection. No MFA, no email filtering, no endpoint detection. Passwords were weak and reused.
Frequent phishing incidents
Staff regularly clicked on phishing emails. Two accounts had been compromised in the previous year, requiring password resets and client notifications.
Client pressure
Several clients were asking for evidence of security certifications. The firm had lost at least one contract due to lack of Cyber Essentials.
No documentation
No IT policies, no asset register, no understanding of what was in place. The previous provider had no documentation to hand over.
“Bigfoot transformed our security posture in just a few months. We went from worrying about every suspicious email to having confidence that we are properly protected. The Cyber Essentials Plus certification has already helped us win new business.”
Managing Partner
Our approach
How we delivered the solution, phase by phase.
Assessment and quick wins
We conducted a full assessment of the existing environment, documented all assets, and identified critical gaps. Within the first two weeks, we implemented MFA for all users and deployed advanced email filtering to stop phishing at the gate.
Endpoint protection and monitoring
Replaced basic antivirus with EDR (endpoint detection and response) on all devices. Set up 24/7 monitoring so threats could be detected and contained before causing damage.
Policy and process
Created essential IT and security policies. Conducted security awareness training for all staff. Established proper user access controls and removed unnecessary admin rights.
Certification
Prepared for and supported the Cyber Essentials Plus assessment. Addressed all findings from the vulnerability scan and penetration test. Achieved certification on the first attempt.
Reduction in security incidents
Successful phishing attacks since onboarding
Months to Cyber Essentials Plus
MFA adoption across all users
Want results like these?
Every business starts somewhere. Whether you need to improve your security posture, achieve certification, or simply get your IT under control, we can help.