Thrive Tribe

Thrive Tribe

Background

Thrive Tribe, a leading health and wellbeing organisation, sought to enhance its cybersecurity posture to protect sensitive client data and maintain trust with its stakeholders. As their outsourced managed IT provider, Espria were well placed to support Thrive Tribe with the certification, working closely with their team to guide and support them through every stage of the Cyber Essentials and Cyber Essentials Plus processes.

The Challenge

Thrive Tribe wanted to achieve Cyber Essentials and Cyber Essentials Plus certifications to ensure compliance with industry standards and to demonstrate their commitment to cybersecurity.

The Process

The certification process required Thrive Tribe to be assessed against five key security controls:

  • User Access Controls
  • Security Update Management
  • Malware Protection
  • Firewalls and Internet Gateways
  • Secure Configuration

The Espria Compliance Team worked closely with Thrive Tribe to ensure that all controls were up to the required standard.

Specific Steps Taken

  • Initial Assessment and Planning: Espria began by identifying any gaps in the requirements of the Cyber Essentials framework.
  • User Access Controls Implementation: Collectively, existing user access controls, were reviewed to ensure only authorised personnel had access to sensitive data and systems. This included confirming all systems were secured with multi-factor authentication (MFA).
  • Security Update Management: The team checked that all software and systems were updating within the specified 14-day period to maintain security.
  • Malware Protection: The installation and configuration of their antivirus and anti-malware solutions across all endpoints were confirmed to be in accordance with industry best practice and that real-time protection was configured correctly to detect and mitigate any potential threats.
  • Firewalls and Internet Gateways: The configuration of firewalls and internet gateways was reviewed to ensure they effectively blocking unauthorised access and were protecting the network from external threats.
  • Secure Configuration: Espria conducted a thorough review of system configurations to ensure they complied with security best practices.
  • Final Assessment and Certification: After implementing the necessary controls and measures, a final assessment was conducted to ensure compliance with the Cyber Essentials requirements. The self-assessment form was submitted and a third-party verification was conducted to confirm compliance.

Policies and Procedures Review

During the initial assessment, the Espria team reviewed several key policies and procedures, including:

  • Access Control Policy
  • Patch Management Policy
  • Antivirus and Anti-Malware Policy
  • Firewall Configuration Policy
  • Secure Configuration Policy

Cyber Essentials Plus

Following the successful completion of the Cyber Essentials certification, Thrive Tribe went onto achieve Cyber Essentials Plus which involved an external assessment. This verified the security measures outlined in the Cyber Essentials certification were actively in place and being monitored. The external assessment included:

  • Vulnerability Scanning: Thrive Tribe’s network and systems were analysed in order to identify any potential security weaknesses.
  • Device Testing and Assessment: All corporate devices were tested to ensure they were secure and managed in accordance with the Cyber Essentials Plus requirements.

Results

Thrive Tribe successfully achieved both Cyber Essentials and Cyber Essentials Plus certifications, demonstrating their commitment to cybersecurity and providing assurance to their clients and stakeholders. These certifications have helped Thrive Tribe to:

  • Enhance their cybersecurity posture and the protection of sensitive client data.
  • Build trust with existing clients and attract new clients.
  • Ensure compliance with industry standards and regulations.

Client Testimonial

As part of our ongoing commitment to cybersecurity, we saw the importance of achieving Cyber Essentials and Cyber Essentials Plus certifications for our existing clients as well as suppliers and prospective new customers. The support and guidance provided by the Espria Compliance Team was invaluable in helping us achieve these certifications.

Poonam Ahuja, Head of Managed Services at Thrive Tribe

In this post

    You may be interested in

    Your guide to leveraging NCE pricing to get the best value

    Renewing your Microsoft Licensing Agreement is an opportunity to align your IT strategy with your business goals. It allows you to take advantage of the latest technologies, optimise costs, and ensure compliance with industry standards. While this might seem straightforward at first glance, to achieve the best value and biggest discounts, it’s often more complex than it appears and navigating the renewalprocess requires careful planning. In this Blog we will walk through what you need to know about the new Microsoft Licensing rules,when to get the best value from your renewal, and how to review…

    Read the article

    Loving your customers with AI, cybersecurity and peace of mind with MSP support

    2024 has marked a massive shift for SME IT needs, as creating an appropriate and optimised business strategy has become an increasingly difficult challenge for business owners and IT operators nationwide.

    Read the article

    Protect your student data from continued ransomware attacks, says Espria

    With ransomware rates still high for education organisations, better security oversight and orchestration is needed across UK schools.

    Read the article

    Fortify and Reassure with Compliance and Cybersecurity Synergy

    With new cyber threats emerging, businesses will need to develop a seamless and blended approach to cyber and compliance for strategic success.

    Read the article

    UK businesses cannot continue risking reputation with shoddy security, says Espria

    Sophos’ 2024 Threat Report recently highlighted ransomware as the biggest existential cyber threat to small businesses. While cyberattacks on large companies and government agencies may receive more news coverage, Sophos reported that SMB’s are generally more vulnerable to cybercriminals and suffer more proportionally from the results of a breach.

    Read the article

    Peace of mind: Cloud is key in scaling systems to your business needs

    Meeting the demands of the modern-day SMB is one of the challenges facing many business leaders and IT operators today. Traditional, office-based infrastructure was fine up until the point where greater capacity was needed than those servers could deliver, vendor support became an issue, or the needs of a hybrid workforce weren’t being met. In the highly competitive SMB space, maintaining and investing in a robust and efficient IT infrastructure can be one of the ways to stay ahead of competitors.

    Read the article