Cybersecurity Audits

Stay ahead of the latest threats to your business

39% of all businesses have been hit with a cyber attack in the last 12 months

Thats right, almost 2 in every 5 businesses have been impacted by a cyber attack in the last 12 months and that number is increasing all the time. 

How do I protect the company from cyber attacks?

First of all, you need to undertake a cyber security audit, you can’t work out what you need in place, if you don’t know what you have already.  

It isn’t just a case of having an antivirus package installed and a software filewall anymore. 

Below, we go through what a full cyber security audit entails. 

Cyber Security Audits For Education

Elements of a cybersecurity audit

First things first, overall process management needs to be audited including:

  • Company security policies
  • Security policies written
  • Training
  • Computer software list
  • Hardware asset list
  • Data classification by usage and sensitivity
  • Established chain of data ownership

Despite what you might want to believe, employees are one of the biggest risk factors when it comes to cyber security, a wrong click here, a seemingly innocent email attachment there, and off goes all your sensitive data.

  • Training on:
    • Phishing,
    • Handling and spotting suspicious emails
    • Social engineering hackers
  • Password management training and enforcement
  • Training on how to deal with unfamiliar faces in the workplace
  • Training on securing data on mobile devices and laptops
  • A full sign off procedure for staff training and regular updates
  • Ensure that Bring Your Own Device plans are in place to handle securing them

Business practices, simply put, what are you going to do as a business if you are hit with an attack.

  • Emergency and cybersecurity action plans
  • List possible sources of business disruption  and cybersecurity risks
  • Put a plan in place to reduce the impact of any business disruptions and security breaches
  • Emergency disaster recovery plans in place, including backups and alternative connectivity
  • Plans for an alternative location(s) for running the business in case of emergencies or disruptions
  • Ensure business-critical operations have redundancy and rapid restoration options
  • Regular testing of your restoration and redundancy plans?

A key part in your defence against Cyber Threats is your IT team or MSP

  • Make sure you have a system hardening plan in place
  • Check that automated system hardening is in place for all operating systems on servers, routers, switches, workstations, and gateways
  • Software patch management processes
  • Security alert mailing lists
  • Regular security audits and penetration testing, internal and external
  • Anti-virus software installed on all devices with auto-updates
  • Frequent review of log files and backup logs to make sure there are no errors, alerts in place for errors of key components
  • Plans in place for remote working and remote access of physical servers. 

Physical security needs to be factored in, an open RJ 45 socket, and easy to access wireless access point, can cause havoc in your company.

  • Lockable servers and network equipment
  • Secure and remote backup solutions in place
  • Keep computers visible
  • Use locks on computer cases and secure devices to work areas
  • Perform regular inspections of hardware
  • Authorised access to server rooms and networking hardware only
  • CCTV monitoring system
  • Secondary access types required for secure areas (Cards, Biometrics)
  • Secure rubbish disposal to prevent data leaks through rubbish collections
  • Is encryption enabled whenever possible?
  • Both physically and digitally secure laptops, mobile devices, and storage devices
  • Enable automatic wiping and remote data destruction of lost or stolen devices
  • Secure Sockets Layer (SSL) in place when using the Internet to ensure secure data transfers
  • Secure email gateways ensures data is emailed securely
  • Regular monitoring of all aspects of security
  • Regularly schedule physical and cyber security testing
  • External penetration testing to ensure your staff haven’t missed something
  • Ensuring specific data types are secure and properly stored
  • Why you should book a cybersecurity audit

    Ensure Your Data Is Protected And Safe
    View IT Operations From A New Perspective
    Identify Risks Based On Your Current Cybersecurity Solution
    Stay On Top Of Regulations
    Use Insights And Recommendations To Improve Your Security

    Want to book an initial cybersecurity audit consultation?

    Send us a message

    Other services that you might need...

    Microsoft 365

    Office 365 is now Microsoft 365, more powerful and more applications in one

    IT Support

    Award winning IT support services that cover all across the UK, onsite and remote