top of page
Search

From Cyber Essentials to Cyber Essentials Plus: Shepherd Gilmour Raises the Bar on Digital Security

  • Writer: Andrew Waddington
    Andrew Waddington
  • Sep 23
  • 4 min read
Crowd of travellers with luggage in a busy airport terminal. Overhead signs glow with purple and yellow hues. An atmosphere of anticipation.
Airport disruption due to Increasingly prevalent cyber attacks

Living in an Age of Growing Cyber Threats

In September 2025, passengers at London’s Heathrow Airport faced significant delays when a cyberattack disrupted airline check-in systems. In the same month, Dublin Airport also suffered a separate cyber attack. Just weeks prior, Jaguar Land Rover had to halt production at its Solihull plant due to a similar digital assault. These incidents made headlines because of their scale, but they serve as a reminder that no organisation is immune from cybercrime.


It is easy for smaller businesses, or those outside of technology sectors, to assume that hackers only target large corporations. In reality, criminals often exploit vulnerabilities in small and medium-sized firms because their defences are easier to breach. In professional services, the prize for cybercriminals is access to sensitive client data, financial records, and intellectual property.


At Shepherd Gilmour, we recognise that protecting our clients extends beyond safe structural design. It also means safeguarding the digital information you trust us with. That is why we are proud to have achieved Cyber Essentials Plus certification, building on our earlier Cyber Essentials accreditation and strengthening our overall security posture.


What is Cyber Essentials?

Cyber Essentials is a UK government-backed scheme designed to help organisations protect themselves against common cyber threats. It is built around five technical controls:

  • Firewalls and gateways to block malicious traffic.

  • Secure configuration to ensure systems are set up safely.

  • Access controls so that staff only see what they need to.

  • Malware protection to defend against viruses and ransomware.

  • Patch management to keep software and devices up to date.


Certification at this level is obtained through self-assessment, supported by an external scan. It proves that an organisation has the fundamentals in place to reduce its risk of attack. In fact, research shows that businesses with Cyber Essentials in place are up to 80 per cent less likely to suffer common breaches.


Hexagonal icons displaying security symbols connected by lines, with a blue shield and lock in the foreground. Background has a tech grid pattern.
Cyber Security Essential Components

What is Cyber Essentials Plus?

Cyber Essentials Plus goes a step further. Instead of relying on self-assessment, an independent assessor carries out a detailed technical audit. This involves hands-on testing of systems, attempts to simulate cyberattacks, and checks that policies and practices are effective in reality, not just on paper.


For example, auditors test whether antivirus tools can detect live malware, verify that patches are applied quickly to high-risk vulnerabilities, and confirm that devices are properly secured. Only around one per cent of UK businesses currently hold Cyber Essentials Plus, making it a significant achievement.


Clearing Up Misunderstandings

Many clients still believe that cyber security is only a concern for financial institutions or major corporations. In truth, attackers frequently target smaller businesses as stepping stones to reach larger supply chains.


There is also confusion over whether Cyber Essentials is sufficient. While the basic certification is an excellent starting point, Cyber Essentials Plus provides a deeper level of assurance by proving that defences hold up under scrutiny. In the current climate, clients increasingly expect this higher standard from their professional partners.


Finally, some assume that all attacks are highly sophisticated. In reality, most breaches exploit simple issues such as weak passwords or out-of-date software. Cyber Essentials Plus directly addresses these vulnerabilities.


Hacker in black outfit holding a key near a monitor with a yellow lock. Images of bugs, credit card theft, and file stealing are displayed.

Why Shepherd Gilmour Took This Step

As a civil and structural engineering consultancy, Shepherd Gilmour handles sensitive project information every day. From architectural models to client correspondence, our work involves data that must remain confidential.


By achieving Cyber Essentials Plus, we have demonstrated to clients that:

  • Their data is protected to the highest UK standard for SMEs.

  • We meet government-backed security benchmarks.

  • We reduce supply chain risk for both domestic homeowners and commercial organisations.

  • We operate with resilience, ensuring projects will not be derailed by cyber incidents.


The certification process was rigorous. Our systems, policies, and staff practices were tested thoroughly. Achieving the Plus standard has embedded stronger cyber awareness across the company. This aligns with our other quality and compliance commitments, such as ISO 9001 and Constructionline Gold, reinforcing our reputation as a trusted partner.


By using tools such as two step authentication & 256-bit AES encryption as standard, as well as centrally managed virus and malware protection in the form of Microsoft Defender, we are able to maximise our cyber security while staying technologically relevant and innovative.


Woman with a green shield beside laptop and phone displaying "Verify" screens. Blue sky, clouds. Text: "Two Step Authentication."

Building Ongoing Resilience

Certification is not a one-time event. Cyber Essentials Plus must be renewed annually, and requirements evolve as threats change. Recent updates to the scheme introduced stricter rules for patching and network security. Shepherd Gilmour has already met these standards, ensuring we remain ahead of emerging risks.


Our staff now receive regular training to spot phishing attempts, manage data securely, and maintain safe digital practices. By combining technical controls with a culture of security, we have raised the bar for ourselves and, by extension, for the benefit of our clients.


Woman in red apron pointing at "Phishing Alert" sign on screen. Yellow envelope with email symbol on computer, blue background.

A Safer Future for Our Clients

For domestic clients, this means peace of mind that personal information such as addresses, drawings, or planning details, is kept secure. For commercial clients, it means confidence that their consultant is independently verified as a strong link in their supply chain.


When you work with Shepherd Gilmour, you can be assured that your data is as carefully protected as the structures we design.


Cyber Essentials Plus represents more than a certification. It is our commitment to you. In an era where digital security is as important as physical safety, Shepherd Gilmour stands ready to protect your interests on every front. What's more, we do not intend to stop here, and continue to push the boundaries each day to ensure our IT systems are robust and resilient in the face of ever increasing digital threats. Keep up to date on how we do this by following us on LinkedIn and Instagram.


Contact us today to discuss your next project, confident in the knowledge that your data and designs are secure with Shepherd Gilmour.


For those interested in further reading, the National Cyber Security Centre is a highly valuable freely accessible resource with a wealth of information on how you can better protect either yourself, your loved ones or your business from the ever increasing threat of cyber attacks.



Comments

bottom of page