It is essential to establish a cyber security baseline to close any existing vulnerabilities in your systems. As a result, you will protect your business against cyber threats. Clients ask us, ‘How can I do a cyber security assessment?’ because they are worried about how secure their IT systems are. Luckily, we can perform a cyber security assessment of your systems and determine if there are any vulnerabilities.
How do we perform a cyber security assessment?
When we take on new customers, we perform a cyber security assessment to determine how secure their IT systems are. Firstly, we conduct a Virtual IT Director meeting, where we work through your IT and operational systems and ask questions about them to find any security vulnerabilities.
We will ask questions such as: What software are you using? Do you know what kind of data you are storing and how risky it is? Do you have UK critical infrastructure and hold data? For example, patient data or credit card details would be high-risk data, whereas marketing photos would be less at risk. By asking these questions and reviewing your IT systems, we can gauge your awareness of what could be at risk and what is protected.
Furthermore, you cannot fix security vulnerabilities with security tools alone. So, we like to look at your operations and ask: Do your managers think about business security and whether their business is secure enough? Is there a security culture from the top to the bottom of your business? For example, are your emails secure? Do you use two-factor authentication? Are your staff trained to spot and flag a phishing email attempt?
Luckily, if you aren’t aware of these security measures, one of our experts can meet with you monthly and address the security risks we find in the security assessment.
Another way we can help assess your security is by helping you achieve your Cyber Essentials, Cyber Essentials Plus or ISO 27001 certifications. These are ideal because once you successfully complete the security measures, you have industry accreditations telling your customers, employees and stakeholders that you are taking their data and security seriously. Furthermore, they also help you make your business more secure by giving you an achievable list of security goals.
What kind of vulnerabilities do we often find?
Our security assessments find a plethora of security risks. In the past, we have discovered vulnerabilities like:
- Businesses not protecting themselves against phishing attacks
- Inadequate password policies, which cybercriminals can exploit
- Businesses without two-factor authentication on any systems
- A lack of adequate monitoring software
- No idea whether the networking is up to date
- No monitoring of logs
- Non-existent or incorrectly configured web content filtering
- Unprotected mobile devices with access to critical data
- Firewalls that are out of date and configured incorrectly
- No encryption for your data
- Poor configuration for data backups, meaning the data is difficult, if not impossible, to restore in a disaster. Even a well-configured backup would take too long to restore for the business to continue working without customers noticing service disruption.
- Larger customers might not know if their data has already been put at risk on the dark web, meaning their data could have been hacked, stolen and sold without their knowledge.
We recommend businesses assess and address their security products, services and operational procedures to protect their business data. They then need to review them every month or quarter and make improvements as threats change.
Can I get a free assessment?
If you like the Virtual IT Director meeting format, we also offer a free, no-obligation initial assessment meeting to get a sense of where your security vulnerabilities are. For more information about a free cyber security assessment, contact us today.