Frequently Asked Questions
It’s simply the practice of keeping your digital world safe by protecting your devices, accounts and personal information from people who might try to steal, damage or misuse them.
It’s the practice of regularly keeping your devices, accounts and data safe from cyber threats.
- Update your software regularly, both applications and operating systems
- Use strong and unique passwords, and turn on two-factor authentication where possible
- Back up your important data
- Run anti-virus and security scans on a regular basis
- Be mindful when you receive emails with links and attachments
- Be careful what you share online
46% of cyber-attacks target SMBs, and 62% of SMBs experience more than 1 cyber-attack per year. So, while it may not have happened yet, based on the stats, why wouldn’t you consider cyber security?
A cyber-attack can cost a lot of money; many businesses don’t recover when they get hit and, unfortunately, many go out of business. Without the necessary cyber security protections, many businesses run the risk of reputational damage, financial implications and loss of client trust, all of which matter to every business.
Security awareness training teaches employees to recognise, understand, and avoid security threats like phishing, malware, and viruses that can compromise the organisation's digital security.
Employees are often the weakest link in security. Proper training empowers them to identify and respond to threats, significantly reducing the risk of security breaches.
Phishing exercises simulate fake phishing attacks to test and improve employees' ability to recognise suspicious emails and avoid falling victim to real cyber threats.
Cybercrime can damage your business’s reputation, disrupt operations, and lead to legal and regulatory consequences, potentially costing the business significantly.
Key threats include phishing, viruses, spyware, and malware. Each of these can infiltrate and damage your organisation’s systems if not properly addressed.
Training equips employees with the knowledge to identify, report, and respond to threats, thereby safeguarding sensitive data and ensuring continuous, secure operations.
Employees will learn to recognise different types of cyber threats, respond appropriately, and report them so that they can help prevent security breaches, protect sensitive company data, and contribute to a safer digital workplace environment.
Security awareness training educates employees on common cyber threats and safe practices, reducing the likelihood of human error, which is often a leading cause of security breaches.
Continuous training ensures that employees stay up-to-date with the latest threats and security protocols, maintaining a strong defence against evolving cyber risks.
The effectiveness of the training can be measured through periodic assessments, phishing exercises, and monitoring incident reports to see if there is a reduction in security breaches over time.
AI is technology that allows computers and machines to perform tasks typically associated with human intelligence. This includes comprehension, problem solving, decision making and creativity.
It’s an assessment of the technology associated with your AI applications that identifies risks or vulnerabilities which could cause you harm if they were exploited.
There are several risks, but a few to be aware of are data poisoning, which is when an attacker tampers with the data within the AI application, data breaches, and vulnerabilities in the infrastructure. All of these are important considerations when utilising AI applications.
Depending on how you’re using AI within your business, it can be the system provider, the application owner or the business owner. However, a responsibility model will need to be documented and signed off.
Using AI will depend on you and your business, but there are things to consider before jumping straight into it. For example: have your employees had proper training about AI? Do you have the skills to maintain and manage the AI application internally? Do you understand the privacy and data issues when using AI applications? And do you understand that the data you receive from your AI application may not be accurate, for example it may contain misinformation or bias?
It’s basically a safe, simulated cyber attack carried out by security professionals to find and fix weaknesses in a system before they are exploited by real attackers.
It shows weaknesses in systems, applications and configurations before an attacker exploits them. It can also demonstrate to customers, partners and investors that you take security seriously, and it meets compliance requirements, as many certifications now require regular penetration testing to stay compliant.
There are many different penetration tests which can be done on your estate, for example cloud, mobile application, web application, network, infrastructure, wireless and red teaming.
Depending on the complexity of your estate, the rule of thumb is that it should be done at least once per year.
Yes, we can penetration test internally; it would mimic an attack as though we were sitting in the office next to you.
It’s a UK government backed certification scheme designed to help organisations protect themselves from the most common types of cyber attacks.
It helps protect against phishing, malware, ransomware and other widespread attacks. It also demonstrates a proactive commitment to information security by meeting baseline requirements. Finally, it reduces the likelihood of a successful breach and its associated costs.
Cyber Essentials is a self-assessment questionnaire that can be done online and has a quick turnaround. Cyber Essentials Plus is more of an external technical audit and vulnerability scan, which provides deeper assurance of your security controls and is carried out through an onsite check by one of our accredited certifiers.
12 months before a renewal is needed.
Organisations bidding for UK government work, companies in supply chain that require security assurance, small and medium sized businesses seeking to strengthen defences and any entity handling personal or sensitive information.
vCISO stands for Virtual Chief Information Security Officer. It’s an outsourced security leader who provides strategic governance, risk management and compliance oversight without you having to hire a full-time person.
You gain cyber security expertise at a fraction of the cost of a permanent hire, and they can hit the ground running, tailoring their support to your budget and maturity level while you scale.
A vCISO can guide you through requirements for frameworks such as Cyber Essentials and Cyber Essentials Plus, as well as ISO27001 readiness and audit support and GDPR.
Look for proven industry experience and sector knowledge, a clear methodology and transparent pricing, and cultural fit and strong communication skills.
A risk register with a prioritised remediation plan; policy, standard and procedure templates; security strategy and roadmap documents; and monthly progress reports.
Pretty much any organisation will need a vCISO, as cyber security has become more important in recent years. With many organisations being targeted by cyber criminals, it’s important that organisations have the correct expertise supporting them.
It’s an automated process that identifies security weaknesses such as unpatched software, misconfigurations and missing controls in your systems, networks and applications.
Regular vulnerability scans help you detect and prioritise security gaps before they can be exploited. They form a key control in major compliance frameworks such as ISO27001.
Internal scans, external scans, authenticated scans, unauthenticated scans and code security scans.
There isn’t one single answer to this question, but best practice is that scans should be done monthly. However, it’s not uncommon to do scans on a quarterly basis.
Vulnerability scanning is an automated, high-level scan that identifies potential weaknesses, whereas a penetration test is a manual, targeted, in-depth test which exploits vulnerabilities to demonstrate real-world risks. Normally, a vulnerability scan is conducted before a penetration test.