Ensuring that your information systems and data are properly secured against attack is critical for any organisation. Their IT team or support partner may have implemented some security features, but these will be technology focused (firewalls, anti-virus, MFA etc.). Often there is no-one within the organisation who has the experience with cyber security to ask the right questions of IT, and to provide good advice to senior management. The amount of work required may not justify hiring a full-time IT security manager. However there is a solution that will enable organisations to get the expertise they need on an on-going basis, whilst being cost-effective.
Organisations who have a cyber incident response plan are able to reduce the potential damage of an attack. They have already thought about the steps they should take, the decisions that may need to be taken, and the communications that would need to be issued.
Our online cyber security course is designed to be easy to use, and can be accessed from PCs/Macs, tablets and smartphones. We offer a flexible training programme to allow staff to leave part way through and to resume later at their, or your, convenience. New staff can undertake the course as part of their induction and we can provide a report on the progress of each staff member.
Our course takes your staff through an introduction to cyber security and then provides in depth information on how to spot and protect against different types of attacks. To engage your staff we also include a lesson on how they can protect themselves at home.
Criminals have become increasingly sophisticated in their attacks. They circumvent traditional email anti-virus measures by only downloading a virus after the email has been delivered and the staff member has clicked on a link or opened an attachment. And they change the virus code so that anti-virus on PCs and servers can’t recognise it.
They also use social engineering to increase the chance of fooling a staff member into believing the email is genuine.
A successful phishing attack can lead to encrypted files and a ransom demand or the release of confidential information (often the staff members’s login details) that can be used to launch further attacks.
Your staff are your last line of defence. Our Phishing Awareness Exercise improves their ability to spot phishing attacks, reducing the risk to your business.
Criminals are constantly looking for vulnerabilities in web servers and will take advantage of them as soon as they can. The impact can be disastrous to your business. From defacement to ransomware infecting visitors to your website, through to the theft of confidential information that your clients enter. And web browsers are beginning to alert users if a website is deemed insecure.
Both the underlying web server software (Windows or Linux) and the content management system used by your web developer (e.g. WordPress) can be vulnerable. We have seen business websites infected by malware which then infected clients (and potential clients) who browsed to that site.
If you are taking credit card payments – either via point of sale or a website – you will have signed a contract with your bank saying that you will meet your PCI DSS obligations.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle branded credit cards from the major card schemes including Visa, MasterCard, and American Express. It sets out twelve obligations that merchants must meet.
Firewalls, anti-virus and anti-spam can only provide limited protection. Criminals constantly change their virus files and delivery mechanisms to stay two steps ahead of security software companies. And they also use social engineering and email communications that appear genuine to convince users to download ransomware, provide confidential information such as usernames and passwords, and to pay money as part of fraudulent transactions.
Human error is a major cause of cyber security incidents. Misconfiguring a firewall or forgetting to apply the latest patches to a server or website can lead to systems being compromised, with the potential for ransomware infections or the theft of confidential data. Hackers constantly scan for ways through firewalls, and for vulnerabilities in servers.And lists of vulnerable servers are sold on the dark web.
We can give you peace of mind by regularly checking for errors so that they can be resolved quickly before hackers and other criminals take advantage of them. Our scanning tools are constantly updated to look for the latest vulnerabilities.
Most businesses know about cyber security risks. They know they should do something to protect themselves. But they are unsure of the steps to take.
Our Independent Security Review takes a strategic look at your business assets and procedures and determines whether you have reasonable protection in place based on the risk profile of your organisation and current best practice for your industry. We then provide recommendations on areas that should be secured now, and guidance to help you in the future.