Cyber-Security in practice can be exceptionally complex, but its essence is quite simple. It is nothing more than reducing or taking away risks. Experience shows that the most hacks (about 90%) are still using the simplest methods and weaknesses. Companies need to create and fortify basic cyber security solutions for these simple risks. Our process involves avoiding security system problems in the first place. We improve the odds of never having a catastrophic breach by making sure your basic cyber-security policies are being fully implemented and enforced.
“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”
“One of the main cyber-risks is to think they don’t exist.”
“The only system which is truly secure is one which is switched off and unplugged”
Conduct a Risk Assessment
Our top down security risk assessment doesn’t only fine-tune your cyber security response, but also helps prevent attacks in the first place. It involves putting yourself in the mind of an attacker. We identify what may be most valuable to them thus allowing us to focus resources to protect the most vulnerable data.
Incident Response Planning
We help in developing your Incident Response Plan. We’ll refer to the most recent changes in your plan and most current threats and regulations. We recommend the latest improvements, training, and preparation so your teams know how to act as soon as a threat is detected. Cybersecurity threats are evolving all the time. That’s why it’s important to be proactive. Improvements, training, and preparation need to be completed before the next major breach attempt. Each plan should be tested and kept up-to-date. Outdated incident response plans are likely to be ineffective.
- Enable operating system firewalls where available.
- Install a stateful hardware-based firewall.
- Configure firewall rule sets to be very restrictive.
- Examine changes required to support encrypted databases.
- Modify software to work with encrypted data.
- Safely store and protect the encryption keys.
- Remove user privileges to install software.
- Remove unsafe software from workstations.
- Establish a process for the evaluation of new software
- Evaluate and Train on existing security best practices
- Audit systems & procedures ensuring compliance.