Secure your business against cyber threats
Policies and Procedures
The starting point is the creation of an Information Security Policy, which will be backed up with more detailed procedures for specific topics. If you are creating policies for the first time, we have templates which will speed up the process and ensure you are covering all the required areas, or we can work with you to tailor bespoke templates for your company.
If you have existing policies which are due for review (we recommend that this should be done annually) we can help you identify areas that need to be updated and incorporate current best practices.
Security Awareness Training
As a company becomes more secure, attackers will increasingly focus on the employees as the weakest link in the systems. The damage to your business can be substantial, and with penalties for data breaches increasing, it is important to train your staff and to show that you have done so.
You can reduce the threat by ensuring that your staff are trained to be aware of current phishing techniques and are fully involved in the process. We offer a comprehensive range of training and awareness packages ranging from face-to-face sessions to customised online programmes. These courses ensure your employees have a good base understanding of possible threats and how to deal with them. Going forward, as the threat landscape develops, these skills can be built upon accordingly. Our blog post helps you to understand how these can be combined with our phishing security tests to measure the effectiveness of the training and focus your efforts on the weakest areas.
Would your business be able to recover from the effects of a cyber attack? It is essential to get your operations back to normal as soon as possible after any major disruption and our business continuity planning allows you to make informed decisions to balance your level of risk with the cost of reducing the risk.
A typical plan starts by identifying risks which could affect your business’s ability to operate fully (or at all). The impact of each risk is then assessed and possible risk responses (accept, reject, transfer, mitigate) are decided.
Disaster recovery plans are then developed to ensure that your company has a viable way to recover quickly and effectively from the identified adverse events. These plans should be tested regularly to ensure they remain accurate and adequate.
We have experience with this whole process and can work with you to define your business continuity plans.
Mobile devices such as phones and tablets with access to business information are now commonplace. As a small business you may allow your staff to use their own device to access company data (so-called BYOD or bring-your-own-device). Managing the business data on these devices is an important part of your security arrangements. Do you know who has which business data on which devices? Is the data encrypted on the device? Are you able to remotely wipe the data or the entire device?
We can help you define appropriate policies and implement effective procedures to manage mobile security.
Virtual Chief Information Security Officer (vCISO)
A vCISO is an outsourced security professional who can offer you expert advice remotely.
If you are interested in outsourcing your security management, we offer a Virtual (C)ISO service.
Our service gives you a named individual who will get to know your business and your Security Management system. That individual can then operate in an advisory role as an Information Security Officer (ISO) reporting to your in-house CISO, or can take on the CISO role, as you prefer. For smaller organisations, this arrangement often makes more sense than looking to recruit and retain a full-time in-house CISO, and is certainly more flexible.
We can structure packages depending on the level of support you envisage needing, and then adjust over time as we gain experience of working together.