Latest update for Cyber Essentials – Willow questionnaire from April 2025

By James Galbraith, Cyber Essentials Assessor. There will be some important changes with the release of the Cyber Essentials Willow question set in April 2025. The government partner IASME, in consultation with Certification Bodies including Indelible Data, conducts an annual review of the scheme. Notable changes will occur in the following areas: Home workers Clarification …

Secure Your Mac: Meet Cyber Essentials Password Standards

This guide will walk you through the steps to configure your Mac’s passwords to meet Cyber Essentials compliance standards. Utilising the pwpolicy Tool: Apple provides a powerful command-line tool, “pwpolicy,” to manage password requirements on your Mac. This tool allows you to customise various aspects of password complexity, such as: Minimum Password Length: Setting a …

Privacy concerns swirl around Microsoft’s new AI-Powered tool

sensitive information you’d prefer not to share, writes Cyber Security Technologist James Galbraith. Copilot is an AI-powered tool that co-ordinates content between Microsoft applications. It includes a feature called Recall. What are the privacy concerns surrounding the ‘Recall’ feature? There are privacy concerns regarding the Recall feature since it was launched in May. One of …

ThreatSure – Designed to be your ally in the boardroom

Do you crave an ally in the boardroom when arguing the case for more spending on cyber security? ThreatSure delivers effective, affordable results that will highlight your vulnerabilities, including missing patches, open ports and weak passwords. “Companies are looking for a cost-effective solution they can trust and we have designed this service to provide that,” …

Silent Sabotage: How the Polyfill.io attack tanked website traffic

A recent supply chain attack crippled a significant portion of the internet, impacting an estimated 100,000 websites, writes Cyber Security Technologist Chris McGee. It exploited the popular JavaScript library Polyfill.io, leaving thousands of unsuspecting websites vulnerable. Brief History: Polyfill is a small piece of code that bridges the gap between modern web features and older …

Caught in a cyber storm: Why is the UK experiencing a surge in attacks?

A series of high-profile attacks in the UK targeting Dell, Santander, Ticketmaster and a number of major hospitals in London has highlighted the need for all companies to invest in Cyber Security training for their staff, Abbey Wright reports. Guy’s, St Thomas’s and King’s College hospitals declared critical incidents following a ransomware attack associated with …

Making contacts and getting inspired at CyberUK

By Business Development Manager Georgia Routledge-Moore. Last week, Tony Wilson and I had the pleasure of attending Cyber UK. The much-anticipated show in Birmingham was a fantastic opportunity to showcase our services while connecting with new and familiar faces! CyberUK hosted a Women in Cyber breakfast that I was fortunate enough to attend. With only …

New UK law to better protect ‘smart’ devices

A new UK law has been introduced to improve the security of “smart” devices and embedded systems, writes Cyber Security Technologist James Galbraith. Among the new regulations, manufacturers must not leave passwords blank or easy-to-guess. What is covered by the law? Among the products covered by this new law are: – Smart speakers – Televisions …

Critical PAN-OS Vulnerability: What You Need to Know

Due to a vulnerability discovered on Wednesday (CVE-2024-3400), Palo Alto Networks is working on releasing a critical security hotfix for the following versions of PAN-OS: 10.2.9-h1, 11.0.4-h1, and 11.1.2-h3. This critical security hotfix is to patch a vulnerability that was discovered with a CVSS severity score of 10 out of 10. The exploit allows …

Would Cyber Essentials have prevented the British Library’s cyber attack?

In October 2023, the British Library’s servers were compromised and around 600GB of files were exfiltrated from the servers and held for ransom. This included personal data of Library users and staff. In this blog, Chris McGee analyses the attack and considers what actions could have been taken to mitigate it. Source of the attack …