Each year, we develop a range of content with the aim of educating organisations on cyber security threats and helping them defend their assets and reputation, so for us every month is Cyber Security Awareness Month. However, for the bulk of the population, October has been set aside for that purpose. If you haven’t made time to understand how you and your organisation can be affected by online threats, now is the perfect time.
To get you started on your journey to improving your cyber security, we’ve put together the list of questions we’re asked most often and some further reading (if you’re keen to learn more). Here we go:
Where do I start with cyber and information security?
Cyber security really isn’t as complicated as it seems. Sometimes, it’s like needing to write a report and the blank page makes it seem overwhelming. For many organisations, it’s about finding the right framework. That’s why we’ve put together a 101 on the three most requested frameworks: Cyber Essentials, Cyber Essentials Plus and ISO 27001; you can read it here: Which information security framework is right for your organisation? The choice between Cyber Essentials and ISO 27001
What’s the easiest thing to implement in my office?
In the same vein, there are many controls every organisation should put in place to ensure good defence against cyber threats—from the basics like using anti-virus, email filters and firewalls, to more in-depth activities, like penetration testing and phishing assessments. One of the basic controls you can implement easily in both your professional and personal lives is good password hygiene. In some cases, your password is the only thing keeping cybercriminals away from your sensitive information. Length is the primary factor when creating a strong password—the longer it is, the more guesses hackers will need to get it right. You can read our article here: What is password hygiene and why is it important?
How do I know what I need and what if I get the wrong service?
Finding the vulnerabilities in your defences is one of the first activities you should undertake when you’re looking to improve your cyber security posture. But how do you do that? Well, as a starting point, you’ll need to decide between a penetration test and a vulnerability assessment. That sounds simple enough, but what’s the difference between the two? We get this question a lot, and because we’re big believers in not investing in something you don’t need, we’ve put together an in-depth explanation; you can read it here: What’s the difference between a vulnerability assessment and a penetration test?
Am I investing my cyber security budget correctly?
On that note, are you investing in the right areas? You could take a blanket approach and cover every possibility, but that’s an expensive strategy and your Finance Manager or CFO probably wouldn’t be happy to spend money unnecessarily. Every business faces different threats, so what the organisation in the next office needs to defend against isn’t necessarily what you need to invest in. It’s important to get an understanding of your threat profile and align that with the risks you’re willing to take (or not take). From there, you can decide what you should be investing in. Take a look at our article on getting the most from your budget: Is your limited cyber budget invested to maximum effect?
How do I educate my team to handle cyber threats?
The cyber threat is ever-changing and, even with the best technical defences in place, the end users (i.e. humans) are usually the weakest link. That is not to say that cyber security should only be non-technical, but it is important to have the right balance. Knowing where to start with cyber security generally can be difficult, and working out what your team needs to know can be a bit overwhelming. Our Director of the PGI Cyber Academy has put together a roadmap that any organisation can follow, and like knowing where to invest your budget, how you train your team also starts with understanding your specific threats. You can read the article here: Cyber education for your workforce – where to start.
What do I do when something goes wrong?
Frustratingly, you’ve put in place all these useful security controls, but with the threats changing so often, keeping up can be hard. Therefore, it’s important to have the mindset that it’s not about if you get breached, it’s about when you get breached and then how you handle it. Having a plan in place will ensure the consequences of a breach don’t undo all of your hard work in developing your organisation and building your reputation. We’ve put together the five reasons you should have a cyber incident response plan in place (and some encouragement to put one together); you can read it here: 5 reasons your organisation needs a cyber incident response plan
How PGI can help
From educating your Board and workforce, to conducting in-depth penetration tests and information security management systems, our team of cyber and information security experts can help you defend your important assets and reputation. If Cyber Security Awareness Month has inspired you to take the first step, please contact us: call on +44 (0)207 887 2699 or email us at firstname.lastname@example.org