Cyber Security Health Checks
How confident are you that your business can defend against cyber-attacks? An IT security health check can give peace of mind for your organisation!
The cyber risk to your organisation is ever-changing, with new, sophisticated attack methods. A cyber security breaches survey carried out by the Department for Digital, Culture, Media & Sport showed that over four in ten businesses (43%) experienced a cyber security breach or attack in the last 12 months (2018). It is vital to have the fundamentals in place, such as secure systems and infrastructure, to mitigate these cyber threats. A cyber security IT health check by an expert cyber security consultant can help your organisation to understand its vulnerabilities to hackers, provide recommendations on how to minimise your cyber risk and help to prevent future costly cyber-attacks.
What is a cyber security health check?
Our Cyber Security Health Check service will provide your organisation with an assessment of your key systems to ensure you are prepared in the event of common cyber-attacks. Our consulting approach will help you to identify and address any gaps within your IT and business strategy and ensure you are mitigating the risks cyber-attacks pose.
Falling victim to a cyber-attack means that any organisation of any size could be exposed to detrimental impacts such as reputational damage, which may affect your ability to attract new customers or investors, or financial impacts, as the average cost of a data breach is 2.95 million (2018 Cost of Data Breach Study). Adopting a cyber security strategy and knowing where the gaps are ensures minimal impacts from any cyber-attack!
This service is suited to any organisation looking to start implementing basic cyber hygiene into their business and provides a developed cyber security strategy, helping companies to understand their level of cyber risk and identify further improvements for their cyber security strategy. Our consultants can also recommend any security compliance or certifications which they feel will benefit your business and your clients, such as Cyber Essentials certification or PCI:DSS compliance.
Benefits of A Cyber Security Health Check
A cyber security health check allows your organisation to understand the gaps in its cyber security strategy and put the controls in place to mitigate the cyber risks. Small Business Trends statistics show that 60% of small companies go out of business within 6 months of a cyber-attack, and that ‘14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective’. Therefore, it is important to have a cyber security strategy in place. The main benefits of a cyber health check include:
- A detailed report of your key cyber vulnerabilities
- A full assessment of your devices, infrastructure, payment security and business applications
- An on-site visit from a certified cyber security consultant
- Cyber security recommendations to implement, based on expertise
- Identification of your current risk levels
Our Approach To Cyber Security Health Checks...
Our cyber security consultants will conduct an on-site interview with key management personnel to understand your organisation's cyber risk level by asking the relevant questions taken from general security good practice and criteria from the ISO 27001 standard. Our consultants have a set of questions which cover 4 areas of your organisation’s security level. The answers will be used to provide you with suitable and measurable recommendations to improve cyber security within your organisation. The 4 areas that the health check covers are:
Security of devices
As a part of our cyber security health check we focus on looking at internal devices. Our consultants will look at the risks surrounding the devices your organisation uses. This will mainly include security of laptops, desktops and mobile phones.
We will assess policies at every level, analysing admin access and password security. To reduce the threat of hacks, we ensure office devices and firewalls are safe. We’ll also work to encourage safe internet browsing within your organisation. These steps mitigate one of the main causes of vulnerabilities: your human cyber risk. As an added bonus, we will ensure web-facing devices have data backup and recovery processes in the event of a breach or cyber-attack.
Office infrastructure is the structure of your organisation and the systems that you use. The health check will cover whether your Wi-Fi and wired networks are secure, to ensure they do not pose any network security risks. This is done by ensuring strong encryption or a secure WPA password. As part of the check, internet router security and firewall rules will be considered.
Our consultants can investigate your configurations as part of the service. This could mean assessing your network, routers or Microsoft Windows, which may be at risk of a cyber-attack.
Does your organisation process any form of card payments, online or in-house? Then card payment security should play a big part in your business. It is important to ensure you are keeping the sensitive data that is used during payments secure. The systems your organisation uses should also be secure to mitigate risks.
You need to attest that you comply with PCI:DSS if you process card payments within your organisation. Our consultants can give you advice on what steps to take for your organisation. We can support any business looking to complete the self-assessment. This is within our PCI:DSS service to help you address any compliance gaps.
Business applications will also be assessed as part of the check. This includes access controls to minimise the risk of unauthorised access to systems. Other areas such as two-factor authentication and data back-up/recovery will be evaluated. This is to ensure systems are in place that allow data recovery in the event of loss of data or information.
Why Choose CS Risk Management?
CS Risk Management is an award-winning cyber security and risk management consultancy. We are currently in our 10th year of operation! We have helped organisations of all sizes improve their level of cyber security. We have also helped them to meet the requirements of various compliance programmes. These range from Cyber Essentials Plus certifications to ISO 27001 and GDPR compliance. Our experienced cyber security consultants have various certifications such as CISSP and CISM... they certainly know their stuff! We are ready and waiting to meet your cyber security challenges head on.