Frequently Asked Questions
1. What is cyber security?
It’s simply the practice of keeping your digital world safe by protecting your devices, accounts and personal information from people who might try to steal, damage or misuse them.
2. What is cyber hygiene?
It’s the practice of regularly keeping your devices, accounts and data safe from cyber threats.
3. What are the common cyber hygiene practices?
- Update your software regularly, meaning both your applications and your operating system
- Use strong, unique passwords and turn on two-factor authentication where possible
- Back up your important data
- Run anti-virus and security scans on a regular basis
- Be mindful when you receive emails with links and attachments
- Be careful what you share online
4. Why should I care about cyber security if I’ve not had a cyber-attack?
46% of cyber-attacks target SMBs and 62% of SMBs experience more than one cyber-attack per year. So, while it may not have happened to you yet, the statistics show why you should consider cyber security now.
5. Why is cyber security important for SMBs?
A cyber-attack can cost a lot of money; many businesses don’t recover when they are hit, and unfortunately many go out of business. Without the necessary cyber security protections, businesses run the risk of reputational damage, financial loss and the loss of client trust, all of which are important to every business.
1. What is security awareness training?
Security awareness training teaches employees to recognise, understand, and avoid security threats like phishing, malware, and viruses that can compromise the organisation's digital security.
2. Why is staff training crucial in preventing cyberattacks?
Employees are often the weakest link in security. Proper training empowers them to identify and respond to threats, significantly reducing the risk of security breaches.
3. What are phishing exercises in security training?
Phishing exercises are simulated phishing attacks used to test and improve employees' ability to recognise suspicious emails and avoid falling victim to real cyber threats.
4. How can cybercrime impact our business?
Cybercrime can damage your business’s reputation, disrupt operations, and lead to legal and regulatory consequences, potentially costing the business significantly.
5. What are the main cyber threats staff should be aware of?
Key threats include phishing, viruses, spyware, and malware. Each of these can infiltrate and damage your organisation’s systems if not properly addressed.
6. How does security awareness training protect our business?
Training equips employees with the knowledge to identify, report, and respond to threats, thereby safeguarding sensitive data and ensuring continuous, secure operations.
7. What will employees learn from security awareness training?
Employees will learn to recognise different types of cyber threats, respond appropriately, and report them so that they can help prevent security breaches, protect sensitive company data, and contribute to a safer digital workplace environment.
8. How does security awareness training help in reducing human error?
Security awareness training educates employees on common cyber threats and safe practices, reducing the likelihood of human error, which is often a leading cause of security breaches.
9. Why is continuous security training important?
Continuous training ensures that employees stay up-to-date with the latest threats and security protocols, maintaining a strong defence against evolving cyber risks.
10. How can we measure the effectiveness of security awareness training?
The effectiveness of the training can be measured through periodic assessments, phishing exercises, and monitoring incident reports to see if there is a reduction in security breaches over time.
1. What is artificial intelligence (AI)?
AI is technology that allows computers and machines to perform tasks typically associated with human intelligence. This includes comprehension, problem solving, decision making and creativity.
2. What is an AI risk assessment?
It’s an assessment of the technology behind your AI applications that identifies risks or vulnerabilities which could cause you harm if they were exploited.
3. What are the main risks associated with AI?
There are several risks, but a few to be aware of are data poisoning, which is when an attacker tampers with the data used by the AI application, as well as data breaches and vulnerabilities in the underlying infrastructure, all of which are important considerations when using AI applications.
4. Who takes responsibility when AI goes wrong?
Depending on how you’re using AI within your business, it can be the system provider, the application owner or the business owner. In any case, a responsibility model needs to be documented and signed off.
5. Should I use AI?
Whether to use AI depends on you and your business, but there are things to consider before jumping straight in. For example: have your employees had proper training on AI? Do you have the skills to maintain and manage the AI application internally? Do you understand the privacy and data issues involved in using AI applications? And do you understand that the output you receive from an AI application may not be accurate, and may contain misinformation or bias?
1. What is a penetration test?
It’s basically a safe, simulated cyber-attack carried out by security professionals to find and fix weaknesses in a system before real attackers can exploit them.
2. What are the benefits of a penetration test?
It shows weaknesses in systems, applications and configurations before an attacker exploits them. It can also demonstrate to customers, partners and investors that you take security seriously, and it helps meet compliance requirements, as many certifications now require regular penetration testing to stay compliant.
3. What type of penetration testing is there?
There are many different penetration tests which can be done on your estate, for example cloud, mobile application, web application, network, infrastructure, wireless and red teaming.
4. How often should I penetration test?
It depends on the complexity of your estate, but the rule of thumb is that it should be done at least once per year.
5. Can you penetration test internally?
Yes, we can carry out an internal penetration test, which mimics the situation of someone sitting in the office next to you.
1. What is Cyber Essentials?
It’s a UK government-backed certification scheme designed to help organisations protect themselves from the most common types of cyber-attacks.
2. Why is Cyber Essentials important for businesses?
It helps protect against phishing, malware, ransomware and other widespread attacks. It also demonstrates a proactive commitment to information security by meeting baseline requirements. Finally, it reduces the likelihood of a successful breach and its associated costs.
3. What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment questionnaire that can be completed online with a quick turnaround. Cyber Essentials Plus adds an external technical audit and vulnerability scan, carried out through on-site checks by one of our accredited certifiers, which provides deeper assurance of your security controls.
4. How long is the certificate valid for?
12 months before a renewal is needed.
5. Who should consider Cyber Essentials?
Organisations bidding for UK government work, companies in supply chains that require security assurance, small and medium-sized businesses seeking to strengthen their defences, and any entity handling personal or sensitive information.
1. What is a vCISO?
vCISO stands for Virtual Chief Information Security Officer. It’s an outsourced security leader who provides strategic governance, risk management and compliance oversight without the need to hire a full-time person.
2. Why should I hire a vCISO?
You gain cyber security expertise at a fraction of the cost of a permanent hire. A vCISO can hit the ground running, tailoring their support to your budget and maturity level as you scale.
3. Can a vCISO help with compliance and certification?
A vCISO can guide you through the requirements of frameworks such as Cyber Essentials and Cyber Essentials Plus, as well as ISO27001 readiness and audit support, and GDPR.
4. How do I choose the right vCISO?
Look for proven industry experience and sector knowledge, a clear methodology and transparent pricing, and a good cultural fit with strong communication skills.
5. What deliverables will I receive?
A risk register with a prioritised remediation plan; templates for policies, standards and procedures; security strategy and roadmap documents; and monthly progress reports.
6. What types of organisations need a vCISO?
Pretty much any organisation will need a vCISO. Cyber security has become more important in recent years, and with so many organisations being targeted by cyber criminals, it’s important that organisations have the right expertise supporting them.
1. What is vulnerability scanning?
It’s an automated process that identifies security weaknesses, such as unpatched software, misconfigurations and missing controls, in your systems, networks and applications.
2. Why is vulnerability scanning important?
Regular vulnerability scans help you detect and prioritise security gaps before they can be exploited. They form a key control in major compliance frameworks such as ISO27001.
3. What types of vulnerability scans are there?
Internal scans, external scans, authenticated scans, unauthenticated scans and code security scans.
4. How often should I conduct a vulnerability scan?
There isn’t one single answer to this question, but best practice suggests that scans should be done monthly. However, it’s not uncommon to scan on a quarterly basis.
5. What’s the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is an automated, high-level scan that identifies potential weaknesses, whereas a penetration test is a manual, targeted, in-depth test which exploits vulnerabilities to demonstrate real-world risk. Normally, a vulnerability scan is conducted before a penetration test.