MTD Ltd reinforce IT security with Cyber Essentials Plus

Successfully gaining Cyber Essentials Certification in 2023, leading UK manufacturer, MTD Ltd (Midland Tool & Design Ltd) were confident the business was well placed to achieve the highly coveted Cyber Essentials Plus certification.

UK manufacturer reinforces security credentials with Cyber Security Plus Certification

Successfully gaining Cyber Essentials Certification in 2023, leading UK manufacturer, MTD Ltd (Midland Tool & Design Ltd) were confident the business was well placed to achieve the highly coveted Cyber Essentials Plus certification.

For cybercriminals, a thriving business is an attractive target. Obtaining unauthorised access to company accounts, hackers can obtain business-critical information such as employee credentials, corporate data, and financial details. These highly organised criminals’ prey on ill prepared, vulnerable organisations.

As such, it is crucial businesses of all sizes adopt solid IT security practices.

Ransomware, malware, phishing, and identity theft cases are becoming more widespread. Potential clients want reassurance that they are working with providers that have adequate security measures in place.

A key identifier of a security-savvy supplier is the presence of Cyber Essentials accreditations.

Midlands-based manufacturers, MTD Ltd (Midland Tool & Design Ltd), who specialise in the production of electrified solutions, are suppliers to the Aerospace, Automotive, Power Generation, Medical, and Defence sectors globally. The business is respected industry-wide for their security-first ethic. Working with Redloft Technology, the company successfully became Cyber Essentials certified in 2023 and, keen to reaffirm its position as a highly security conscious business, MTD Ltd (Midland Tool & Design Ltd), opted to follow their Cyber Essentials certification with Cyber Essentials Plus.

Why Cyber Essentials Plus

Cyber Essentials Plus expands upon the Cyber Essentials Verified Self-Assessment and includes a rigorous external audit of the organisation’s IT systems. Supported by the UK government and National Cyber Security Centre (NCSC), the aim of the audit is to confirm that all controls declared in Cyber Essentials are implemented on the organisation’s network.

Darren Booton, Managing Director at MTD Ltd (Midland Tool & Design Ltd), explains the company’s decision to apply for Cyber Essentials Plus with the assistance of Redloft Technology. “The Cyber Essentials certification we achieved last year positioned MTD Ltd as a go-to supplier for clients in the automotive and aerospace industry as well as UK government. These high-profile customers seek suppliers who can demonstrate cyber security of the highest level. Our customers are increasingly required by their supply chains to be basic Cyber Essentials certified at a minimum.”

Darren continues, “Redloft Technology successfully guided us through the original Cyber Essentials process. The level of knowledge and understanding their consultants hold around Cyber security is immense. Having worked with Redloft for several years, their consultants have a very good understanding of our business processes and IT infrastructure. We knew they were the only company we would trust to help us through the Cyber Essentials Plus certification.”

Key benefits of Cyber Security Plus

Barry Mansell, Senior Cloud Consultant at Redloft Technology shares some of the benefits of obtaining Cyber Essentials Plus. “To achieve Cyber Essentials Plus, assessors audit the business’s IT system to check that what was detailed in Cyber Essentials has been appropriately implemented. By obtaining Cyber Essentials Plus, a business can publicly declare that they have passed this stringent audit and are proven to meet baseline security standards set out by Cyber Essentials. The benefits include the prevention of approximately 80% of cyber-attacks; improved supply chain security; a USP for winning new business; the ability to work with the UK government; and assures stakeholders of the business commitment to data security.”

Darren adds, “Having your business assessed by an external source is daunting, especially as Cyber Essentials is so scrupulous. However, the Redloft team put us at ease with their preliminary checks and reassurance that everything was set appropriately, and as described. They helped us prepare for the basic accreditation which we passed without a hitch. Our highly enhanced security practices positioned us well for the higher-level certification. 

Having completed the thorough external assessment, MTD Ltd (Midland Tool & Design Ltd), were successfully certified with Cyber Essentials Plus.

Darren concludes, “We are delighted to have achieved Cyber Essentials Plus. The Cyber Essentials auditors truly leave no stone unturned; the audit is extremely thorough. The certification is a credit to our own employee buy-in, who take security extremely seriously and the expertise of the Redloft consultants advising and guiding us to fully compliant success.”

What does Cyber Essentials Plus involve?

There are five key elements of a Cyber Essentials Plus audit. These are summarised by Cyber Essentials (https://cyberessentials.online/cyber-essentials-plus) as:

• A sample of the organisation’s devices is selected, and an audit is conducted on each to ensure they are configured as set out in the scheme.

• These machines will be subjected to a vulnerability scan to confirm all patching and basic configuration is to an acceptable level.

• An external port scan of any internet facing IP addresses will be conducted to ensure no clear and obvious vulnerabilities or misconfigurations are present.

• The default email/internet browser will be tested to confirm how well configured they are to prevent execution of fake malicious files.

• Screenshots will be taken to use as evidence to show that the system is Cyber Essentials compliant.

Is your organisation certifiably cyber secure?

The 2023 Cyber Security Breaches Survey (https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023) conducted by the UK government, found a staggering 32% of UK businesses and 24% of UK charities reported a cyber-attack in 2023. Sadly, this correlates with 67% of SMBs currently feeling that they do not have the in-house skills to deal with data breaches and more than half of the small-medium business surveyed having no formal cyber security strategy in place.

If you have concerns about your organisations IT security, are looking to implement more formal processes or would like to know more about Cyber Essentials, contact us today. Our business is securing your business.