Criminals focus on exploiting business assets. We focus on protecting them.

Cyber security attacks are now a major risk for companies. Ransomware attacks that encrypt your files, phishing attacks that fool your staff into giving up confidential information, and fraud attacks that can lead to the loss of significant sums of money.

And focusing solely on technology for protection doesn’t work anymore. Criminals also use social engineering to bypass security controls and get to your staff.

At Secure Strategy we help you get ahead of the criminals, by working with you to identify the risk areas within your organisation. We then create a strategy you can use going forward, and recommendations to help you secure what you have now.

Read More

Cybersecurity

Why law firms are a target for criminals – and what you can do about it

The vast majority of cyber crime has a financial motive. Criminals want to make a quick return, and so will target assets that they can disrupt, and operations that they can compromise. Law firms make good targets because of:

  • The reliance on documents to generate revenue and provide client service. If the documents have been encrypted by ransomware, the firm grinds to a halt. The latest versions of ransomware also target databases – so the firm’s practice management system is also at risk
  • The amount of email correspondence received – this provides a great opportunity for phishing attacks
  • The number and value of funds transfers – especially if the firm is involved in conveyancing

    Read More “Why law firms are a target for criminals – and what you can do about it”

Frequently Asked Questions

I have an IT vendor. Why should I use Secure Strategy?

We are independent and completely focused on providing security advice and services to reduce the risk for our clients. We work with you and your IT vendor to achieve this. Because we only focus on security, we know about the latest risks and can help you avoid them. And we don’t sell hardware or software, so you can be sure that the advice we give you is solely for your benefit.

Read More “Frequently Asked Questions”

Our Difference

Traditionally, IT security has focused on technology measures such as firewalls, anti-spam and anti-virus.

However, that’s not what criminals pay attention to. They target your business assets such as documents and other files, email, and business processes such as payment instructions.

And the world has moved on from only having business information stored in offices, and only having staff use computers in those offices. Now business data can be stored in on-premise  servers and in public or private data centres,  and staff often work from outside the office.

Read More “Our Difference”

Services

Virtual IT Security Manager

Ensuring that your information systems and data are properly secured against attack is critical for any organisation. Their IT team or support partner may have implemented some security features, but these will be technology focused (firewalls, anti-virus, MFA etc.). Often there is no-one within the organisation who has the experience with cyber security to ask the right questions of IT, and to provide good advice to senior management. The amount of work required may not justify hiring a full-time IT security manager. However there is a solution that will enable organisations to get the expertise they need on an on-going basis, whilst being cost-effective.

Read More “Virtual IT Security Manager”

Incident Response Plan

Organisations who have a cyber incident response plan are able to reduce the potential damage of an attack. They have already thought about the steps they should take, the decisions that may need to be taken, and the communications that would need to be issued.

Read More “Incident Response Plan”

Online Cyber Security Training

Our online cyber security course is designed to be easy to use, and can be accessed from PCs/Macs, tablets and smartphones. We offer a flexible training programme to allow staff to leave part way through and to resume later at their, or your, convenience. New staff can undertake the course as part of their induction and we can provide a report on the progress of each staff member.

Our course takes your staff through an introduction to cyber security and then provides in depth information on how to spot and protect against different types of attacks. To engage your staff we also include a lesson on how they can protect themselves at home.

Read More “Online Cyber Security Training”

Phishing Awareness Exercise

Criminals have become increasingly sophisticated in their attacks. They circumvent traditional email anti-virus measures by only downloading a virus after the email has been delivered and the staff member has clicked on a link or opened an attachment. And they change the virus code so that anti-virus on PCs and servers can’t recognise it.
They also use social engineering to increase the chance of fooling a staff member into believing the email is genuine.
A successful phishing attack can lead to encrypted files and a ransom demand or the release of confidential information (often the staff members’s login details) that can be used to launch further attacks.

Your staff are your last line of defence. Our Phishing Awareness Exercise improves their ability to spot phishing attacks, reducing the risk to your business.

Read More “Phishing Awareness Exercise”

Website Security Review

Criminals are constantly looking for vulnerabilities in web servers and will take advantage of them as soon as they can. The impact can be disastrous to your business. From defacement to ransomware infecting visitors to your website, through to the theft of confidential information that your clients enter. And web browsers are beginning to alert users if a website is deemed insecure.

Both the underlying web server software (Windows or Linux) and the content management system used by your web developer (e.g. WordPress) can be vulnerable. We have seen business websites infected by malware which then infected clients (and potential clients) who browsed to that site.

Read More “Website Security Review”

PCI DSS Review

If you are taking credit card payments – either via point of sale or a website – you will have signed a contract with your bank saying that you will meet your PCI DSS obligations.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle branded credit cards from the major card schemes including Visa, MasterCard, and American Express. It sets out twelve  obligations that merchants must meet.

Read More “PCI DSS Review”

Security Awareness Training

Firewalls, anti-virus and anti-spam can only provide limited protection. Criminals constantly change their virus files and delivery mechanisms to stay two steps ahead of security software companies. And they also use social engineering and email communications that appear genuine to convince users to download ransomware, provide confidential information such as usernames and passwords, and to pay money as part of fraudulent transactions.

Read More “Security Awareness Training”

External Vulnerability Scan

Human error is a major cause of cyber security incidents. Misconfiguring a firewall or forgetting to apply the latest patches to a server or website can lead to systems being compromised, with the potential for ransomware infections or the theft of confidential data. Hackers constantly scan for ways through firewalls, and for vulnerabilities in servers.And lists of vulnerable servers are sold on the dark web.

We can give you peace of mind by regularly checking for errors so that they can be resolved quickly before hackers and other criminals take advantage of them. Our scanning tools are constantly updated to look for the latest vulnerabilities.

Read More “External Vulnerability Scan”

Independent Security Review

Most businesses know about cyber security risks. They know they should do something to protect themselves. But they are unsure of the steps to take.

Our Independent Security Review takes a strategic look at your business assets and procedures and determines whether you have reasonable protection in place based on the risk profile of your organisation and current best practice for your industry.  We then provide recommendations on areas that should be secured now, and guidance to help you in the future.

Read More “Independent Security Review”

Articles

Happy Clients

Our firm engaged Secure Strategy to conduct a cyber security audit. Simon made the process as easy as possible. He was very thorough and presented his report in an easy to understand format. Simon also came and verbally reported to the partners on the results of his audit. He made a number of recommendations and explained the risks attached to each one. We were then able to action those areas simply and easily and with an understanding of why these changes needed to be made. I am very happy to recommend Simon to other organisations.

Pam Brian, White Fox and Jones

We had identified that one of our Arrow websites was hacked. To immediately mitigate the problem we moved to a provider with better security. However we had no assurances that our sites were protected. We consulted with Secure Strategy to analyse our websites and provide an independent review of their security.

Security Strategy was easy to deal with. After an initial consultation, the analysis of our websites was completed shortly after. The report delivered was thorough and provided security risks in terms of priority. Arrow IT was able to then engage with the website host to mitigate security flaws.

Providing assurances that our sites are protected using ‘best in breed’ IT security is extremely important to Arrow. Our sites are used primarily to market the company brand and our intellectual property must be protected.  Secure Strategy has assisted in the support of this strategy.

If you are looking for fast, friendly, independent advice on security, I would suggest using Security Strategy.

Wayne Broekhals, Arrow International