Phishing Awareness Exercise

Criminals have become increasingly sophisticated in their attacks. They circumvent traditional email anti-virus measures by only downloading a virus after the email has been delivered and the staff member has clicked on a link or opened an attachment. And they change the virus code so that anti-virus on PCs and servers can’t recognise it.
They also use social engineering to increase the chance of fooling a staff member into believing the email is genuine.
A successful phishing attack can lead to encrypted files and a ransom demand or the release of confidential information (often the staff members’s login details) that can be used to launch further attacks.

Your staff are your last line of defence. Our Phishing Awareness Exercise improves their ability to spot phishing attacks, reducing the risk to your business.

Website Security Review

Criminals are constantly looking for vulnerabilities in web servers and will take advantage of them as soon as they can. The impact can be disastrous to your business. From defacement to ransomware infecting visitors to your website, through to the theft of confidential information that your clients enter. And web browsers are beginning to alert users if a website is deemed insecure.

Both the underlying web server software (Windows or Linux) and the content management system used by your web developer (e.g. WordPress) can be vulnerable. We have seen business websites infected by malware which then infected clients (and potential clients) who browsed to that site.

PCI DSS Review

If you are taking credit card payments – either via point of sale or a website – you will have signed a contract with your bank saying that you will meet your PCI DSS obligations.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle branded credit cards from the major card schemes including Visa, MasterCard, and American Express. It sets out twelve  obligations that merchants must meet.

Security Awareness Training

Firewalls, anti-virus and anti-spam can only provide limited protection. Criminals constantly change their virus files and delivery mechanisms to stay two steps ahead of security software companies. And they also use social engineering and email communications that appear genuine to convince users to download ransomware, provide confidential information such as usernames and passwords, and to pay money as part of fraudulent transactions.

External Vulnerability Scan

Human error is a major cause of cyber security incidents. Misconfiguring a firewall or forgetting to apply the latest patches to a server or website can lead to systems being compromised, with the potential for ransomware infections or the theft of confidential data. Hackers constantly scan for ways through firewalls, and for vulnerabilities in servers.And lists of vulnerable servers are sold on the dark web.

We can give you peace of mind by regularly checking for errors so that they can be resolved quickly before hackers and other criminals take advantage of them. Our scanning tools are constantly updated to look for the latest vulnerabilities.

Independent Security Review

Most businesses know about cyber security risks. They know they should do something to protect themselves. But they are unsure of the steps to take.

Our Independent Security Review takes a strategic look at your business assets and procedures and determines whether you have reasonable protection in place based on the risk profile of your organisation and current best practice for your industry.  We then provide recommendations on areas that should be secured now, and guidance to help you in the future.