Cyber Security Vulnerability Assessment Service
Working closely with trusted partners, we offer a thorough cyber vulnerability service that provides the client with an independent, focused-yet-comprehensive insight into the real-life cybersecurity of their systems and recommendations for any issues discovered.
Who is this for?
Vulnerability Assessments have proved to be useful for organisations that need to know how secure their cyber systems are, either generally or in specific areas.
The reasons for needing this assessment could be – for example – in preparation for a takeover or client on-boarding, an outcome of a risk assessment, or in preparation for a certification.
What does a Cyber Vulnerability Assessment cover?
We designed this to effectively be a significant extension of Cyber Essentials and Cyber Essentials Plus so that it is always based on the latest best practices, goes into much more detail, and covers many more areas such as Security Awareness Training (SAT); Authentication, Authorisation, and Accounting (AAA); domain and email protection; network security; Backup and Disaster Recovery (BDR); cloud services; and much more.
What is a Vulnerability Assessment?
A Vulnerability Assessment seeks to define, identify and prioritise vulnerabilities (weaknesses) in computer systems. This includes applications, servers, and networks.
Only by understanding the potential gaps in your IT and cyber systems can you begin to work at fixing and closing the access points.
General Cyber Security Tips
1. Keep Your Software Up to Date
Ransomware attacks have become a major attack vector since 2017 for both businesses and consumers. One of the most important cyber security tips to mitigate ransomware is patching outdated software, both operating systems and applications. This helps remove critical vulnerabilities that hackers use to access your devices. Here are a few quick tips to get you started:
2. Use Anti-Virus Protection & Firewall
Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from entering your device and compromising your data. Use anti-virus software from trusted vendors and only run one AV tool on your device.
Using a firewall is also important when defending your data against malicious attacks. A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device. Windows and Mac OS X come with their respective firewalls, aptly named Windows Firewall and Mac Firewall. Your router should also have a firewall built in to prevent attacks on your network.
3. Use Strong Passwords & Use a Password Management Tool
You’ve probably heard that strong passwords are critical to online security. According to the National Institute of Standards and Technology’s (NIST) 2017 new password policy framework, you should consider:
- Dropping the crazy, complex mixture of upper case letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters.
- Don’t use the same password twice.
- The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_.
- Choose something that is easy to remember and never leave a password hint out in the open or make it publicly available for hackers to see.
- Reset your password when you forget it. But, change it once per year as a general refresh.
If you want to make it easier to manage your passwords, try using a password management tool or password account vault. LastPass FREE is a great tool for an individual. LastPass offers a FREE account and has a $2/month membership with some great advanced password features.
4. Use Two-Factor or Multi-Factor Authentication
Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. Without two-factor authentication, you would normally enter a username and password. But, with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password or even a fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password.
According to NIST, an SMS delivery should not be used during two-factor authentication because malware can be used to attack mobile phone networks and can compromise data during the process.
5. Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers
In a phishing attempt, the attacker poses as someone (or an organisation) in an attempt to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s system with malware, a trojan, or a zero-day vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts.
A few important cyber security tips to remember about phishing schemes include:
- Bottom line – Don’t open email from people you don’t know
- Know which links are safe and which are not – hover over a link to discover where it directs to
- Be suspicious of the emails sent to you in general – look and see where it came from and if there are grammatical errors
- Malicious links can come from friends who have been infected too, not just unknown entities.