Overview of Cyber Security
There is a growing risk to businesses from cyber threats.
Cyber security is about “Protecting Business Information from Damage or Loss” by reducing the risk of a cyber attack and implementing methods of recovery in the event of a “breach”.
The IT industry is spending more and more effort to reduce the impact on businesses, with new and improved products and services to keep pace. In short, the security landscape is constantly changing, with businesses’ revenues and reputations being damaged at an ever-growing rate. The risks to businesses are amplified by the increased demand for mobile and home working, with requirements to access information and services from multiple devices.
The National Cyber Security Centre (NCSC), the UK’s independent authority on cyber security, has said: every organisation is a potential victim. All organisations have something of value that is worth something to others; every organisation connected to the Internet should assume they will be a victim.
It is clear that the confidentiality and integrity of business data need to be maintained so that it can be relied on. In addition, there are legal and moral obligations that need to be adhered to, as well as the need to avoid any adverse impact on the business.
It is for this reason that we have worked hard to secure our own IT infrastructure and have been Cyber Essentials Plus Certified so our clients can be sure that we have good security measures in place.
We can see that more businesses are understanding why IT Security is so important and are engaging with a partner to perform cyber security audits.
Our Security Framework is based on the guidance provided by the NCSC’s 10 Steps to Cyber Security and its Small Business Guide, the Cyber Essentials checklist as well as the best practices from the ICT industry.
We focus on the following areas as advised by the NCSC:
1. Risk Management Regime – to understand the organisation’s Risk Appetite
2. Secure Configuration – Device Management, Business Applications, Endpoint Protection & Updates
3. Home and mobile working
4. Incident Management – Backup Restore & BC
5. Malware prevention
6. User Privileges
8. Network Security – Passwords, Servers, Services, Firewalls, LAN/WAN, Infrastructure
9. Removable Media
10. User Education & Awareness
10 Steps to Cyber Security
We use these steps as the basis for our Security Assessments. It is our view that Security is a Process, not simply a Product and that every business needs to have IT Security on its radar and routinely reviewed. We know that no matter how hard we try to protect ourselves there is always a possibility that a security breach could occur. However, by reducing our exposure to threats and being harder to attack we reduce the risk significantly.
We have for a long time been coining the phrase “We protect business information from Damage or Loss” – this has never been more poignant than now.
We can help your business to balance the risk of potential loss or harm related to IT and show where changes and improvements need to be implemented to mitigate these potential risks.
Find out more about the 10 pieces of technical advice your business should consider putting in place
Our Security Assessment
Our assessment framework is based on the guidance provided by the NCSC’s Small Business Guide and 10 Steps to Cyber Security. In addition, we have taken the best practices from the ICT industry as well as the requirements of Cyber Essentials to form 2 levels of assessment that will depend on your risk appetite and give you the confidence to know how vulnerable your business is.
In either case, a set of pre-assessment questions will be asked, followed by further detailed examinations of the systems and infrastructure.
Additionally, we install our Threat Analyser unit that is specifically configured to simply monitor the inbound and outbound traffic of the network. The resulting report will include threats, botnets, vulnerabilities, as well as user activity in terms of what websites and applications users are accessing.
The Basic Assessment is designed to fulfil the NCSC Small Business Guide topics, as well as additional points we feel are required. It gives businesses a clear understanding of their defence against Cyber Attacks.
The Full Assessment is fundamental in preparing a business for accreditation for the following standards: Cyber Essentials, Cyber Essentials Plus, ISO/IEC 27001, Payment Card Industry (PCI DSS) and General Data Protection Regulation (GDPR). Both the Basic and the Full assessments are broken down into the NCSC’s 10 Steps to Cyber Security.
The findings will enable you to balance the risk to the business of potential loss or harm related to IT and show where changes and improvements need to be implemented to mitigate these potential risks. The analysis will report the findings with “traffic light” indications so that the most pressing items can be clearly seen and a phased plan of improvements outlined. Our approach will be pragmatic and we will be able to provide practical solutions to any required IT changes.
Once the assessment is complete, we can refer you to independent assessors who will help with the policies and processes needed to ensure your business complies with the required standards demanded of the business.
Keeping your business information protected from cyber crime is high on our agenda.
Every business is different but some principles remain constant; primarily, one tool can’t catch everything, which is why we recommend a layered approach with a combination of products and solutions. We will protect your organisation in the cloud, at the internet gateway and with endpoint antivirus and anti-malware, all offering real-time protection. At the same time, there are regulatory and business demands for your email and files which may need to be addressed.
There are several reasons why businesses choose to attain security certifications. For some, it’s in order to benefit from the best practice they demand while others decide they also want to get certified to reassure customers that the business is less likely to be affected by cyber-attacks. In some cases, contracts with clients, in particular Government, require certification to certain standards.
Of course, certification will give the management team a clear picture of the organisation’s cyber security level.
By using our assessment framework, we can prepare your business’s Security Fabric and Protection Services in readiness for full auditing by external assessors so that the required security standard can be achieved. The typical standards that businesses seek certification for are:
- Cyber Essentials,
- Cyber Essentials Plus,
- ISO/IEC 27001,
- Payment Card Industry (PCI DSS),
- General Data Protection Regulation (GDPR).