Information Security is becoming more & more important to businesses and individuals – legislation such as the Data Protection Act and the new General Data Protection Regulation means that companies are mandated to ensure that personal data is secure, or face a considerable fine of up to 4% of the company's global turnover (or that of the group of companies, if the company is part of a group) if wrongdoing is proved. In addition to data protection requirements, the information held by a company is vital to its ongoing viability. What if all of the invoice, timesheet & material use data for a company was lost?
These issues and more mean that it's vital that a company protects the data it holds, and puts in place measures to ensure that the data is kept securely. This means some technical change, and also some training for staff. The easiest way for an attacker to compromise a computer system is to convince a user to do something which will allow access.
Most of these attacks are automated, and will scan your systems for any vulnerabilities – out-of-date anti-virus, old operating systems such as Windows XP, or systems that do not have the latest security patches applied. The automated systems will then report back to the attack architects, who will exploit the vulnerabilities found – possibly by stealing your data, or by encrypting it and asking for a ransom to allow you access once again.
We can work with your current internal IT department or IT provider to audit your systems, compiling a gap analysis of your information security processes, identifying areas for improvement & drawing up an action plan to ensure that your risk of system compromise is lowered.
We will conduct a full network review, identifying all the equipment on the network and the status of those devices. Devices can often be updated relatively cheaply, and we will advise on the most cost-effective way to carry out those updates. Part of the network review can include scans from the outside of your network to find out whether known vulnerabilities have been patched, or even (with your written authorisation) a full hacking attack to see if it's possible to access your network in the same way that an attacker would.
The most vulnerable part of the network is the user. We can help to educate your users so that they will be able to spot potential hacking attacks or bogus web sites which will collect usernames and passwords. Courses can be delivered on-site and, for many, in the format of short 'lunch & learn' sessions that minimise disruption to the business.
Another process that can be put in place is to implement either the Cyber Essentials scheme or the ISO27001 standard, which will provide a framework to ensure that the company will continue to keep the information it holds secure. Principality Consulting can help you to achieve & to retain these standards.
Call us on 0844 372 5856 or email us on firstname.lastname@example.org for a chat or for more information.