What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? We’ve always had a policy that we have a new penetration testing provider every year, so as not to get complacent. We like to be tested, cyber security is so important to us as a business that we need to ensure we go through rigorous tests regularly.
We were looking for companies that have experience in that field as well as cyber essentials certification.
How did you go about searching for the solution and services? Our Security operations engineer found Evalian® from an initial google search – we looked at three companies as we always go to tender on three to ensure we get competitive prices.
Please describe the reasons you decided to work with us. For us, it’s as much about whether you get on with them on the call. Is it a two-way conversation? Do they understand what we need? Are they interested in working with us as much as we are with them? We wanted someone as a partner to support us, and work together on the requirements and we felt from our initial calls that Evalian® would do that.
Did you have any expectations going into the process? We’ve got a simple network setup, so from that point of view, we knew what we wanted and expected. Evalian’s processes were much clearer than previous companies we’ve worked with, particularly with Cyber Essentials. The team was much more open and communicative. The scope from Evalian® was good, if our consultants Matt or Thomas had to do something else, it just wasn’t a big deal, they were flexible with changes, and that was something we hadn’t experienced before and it stood out to us.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? For penetration testing there was nothing unexpected, we’d been through it before. We felt comfortable with the Evalian® process for the testing and it was done efficiently.
For Cyber Essentials Plus, our consultants Matt and Thomas did a lot of work upfront, which we were pleasantly surprised with. They took us through some pre-emptive tests – to make sure we had the tests ready for the Nessus scans and to make sure that when Thomas came to the site, it was an efficient and smooth process.
Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? We had a minor glitch when we couldn’t get Nessus to do the scan, but it was fixed very quickly thanks to our consultant’s expertise. There were a couple of minor things in the scans afterwards that Matt flagged up that we needed to remediate but it didn’t feel like an issue because the communication from our consultants was so good, we felt supported throughout the process.
We’d had an experience in previous years with very poor communication and so the fact that Evalian® came in and offered us 2-3 pre-meetings before the onsite engagement, made everything so much easier. Thomas had done everything bar a couple of scans by the end of the first day. Evalian® were happy to do the prep work ahead of time. The onsite support from our consultant was great, Thomas supported us throughout and was with us the whole time. We found Evalian® were very flexible in order to work together, it wasn’t a case of giving us a list of things to do and sending us on our way, it was very much a partnership.
For us, there was such free-flowing communication, it made such a difference and the support really stood out to us in what had previously seemed like difficult tasks. It confirmed to us that actually the things we had in place last time, were in fact correct and shouldn’t have been an issue in the first place. Evalian® gave us that reassurance.
What changes did you make as a result of working with us? We knew we were in a fairly good place, so the goal was to get Cyber Essentials Plus done this year, so we were in a strong place when testing came around. It was good to know that we’d gone in the right direction. From a Pen-testing point of view, Evalian® had tested a lot of external websites for us and found a few medium and low risks – we’ve since gone through those and asked our suppliers to remediate all of the issues raised, which is what they have done.
What has been the most significant achievement for your business facilitated by using our services? Gaining our Cyber Essentials Plus certification is a huge win for us. We are now the first housebuilder in the top 5 housebuilders in the UK to get Cyber Essentials Plus and get it properly, which is a significant achievement. It has also helped us with our Cyber insurance renewal which is due next month. The fact that we can get cyber insurance is also an achievement as other companies are unable to get it or simply can’t afford it.
What impact has the results from working with us had on your clients/stakeholders? Being able to say that we’re the only one in the top 5 housebuilders to have Cyber Essentials Plus, helps show our stakeholders that we take cyber security very seriously. The board and the executive leadership team regularly ask if we’re secure and if we are at risk of a breach – many of them have worked for companies that have suffered data breaches. They’re nervous about it, so it gives them that confidence from being able to see the stamp of approval that we’re regularly, independently assessed.
What do you hope to achieve in your future working relationship with us? We really liked the transparency and partnership that Evalian® provided – they worked with us and understood the requirements for us to be properly tested and that we take it very seriously. We’d be more than happy to use Evalian® again and look forward to engaging again in the near future.