Beyond the operational impact and reputational damage of a breach, the Information Commissioner's Office (the UK's independent regulator for data protection law) can publicly name organisations that get things wrong with personal information and impose fines on them.
Data breaches usually come down to basic technical control failures or to people making mistakes. The latter is made worse by increasingly sophisticated social engineering, which manipulates staff into handing over information or doing things they shouldn't.
Hart Square provides a comprehensive security review, measuring your organisation against a set of best practice controls across a wide range of areas.
To help non-profits protect themselves against cyber attacks, we offer a thorough cybersecurity assessment with clear, actionable outcomes. We start by identifying the assets and data within the organisation and reviewing the existing approach to cyber risk management. We then cover areas including:
- Security policies – are information security and acceptable use policies in place, and do they cover the right topics?
- Personnel security – is staff access to sensitive data appropriately governed, and what is the approach to cyber security training for staff?
- Physical and environmental security – how are sensitive IT resources, such as your comms rooms and network equipment, kept secure?
- Access control and permissions – how are leaver accounts handled, how are permissions assigned to staff, and what authentication settings (such as password policy and multi-factor authentication) are in place?
- Malware protection and endpoint security – what anti-malware controls protect your devices, and what controls are in place to defend against ransomware?
- Internet security – how are firewalls managed, and how are internet-facing web services secured?
- Cloud, remote and wireless security – how are cloud platforms and remote access systems secured? Is wireless access securely configured, and is sensitive internal data protected from it?
- Security update management – are all devices and their operating systems still supported by their manufacturers, and are security updates installed in a timely manner?
- Content management and data theft – most non-profits use email, portable media or web portals to transfer data. What controls are in place to protect that data in transit and to prevent it leaving the organisation without authorisation?
- Security of desktops, laptops, tablets and smartphones – have appropriate controls (such as device encryption and remote wipe) been implemented to secure data and email held on portable devices and smartphones?
- Business continuity and incident management – do appropriate plans exist, are they reviewed on a regular basis, and are systems in place to detect security breaches?
- Security testing – are vulnerability assessment and penetration testing conducted on a regular basis? Have incident response processes been tested?
Our reports and recommendations
During the review, we interview senior stakeholders and work alongside the people responsible for keeping your systems and data secure.
Our reports contain detailed observations and recommendations, each with its own risk assessment, together with a jargon-free summary.
We keep recommendations as practical and pragmatic as possible, and we can present findings to senior stakeholders and to boards with a governance remit for cyber security.
Where appropriate, we can work with your teams to create a cyber improvement plan and advise on the best way to implement the recommendations.