CYBER SECURITY

Cyber Essentials

Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common cyber-attacks.

These attacks cost organisations like yours thousands of pounds and cause lengthy periods of disruption. Do you have a plan for what you would do if your customer database was stolen, your website was forced offline, or you could not access your email or business-critical data?

The majority of cyber-attacks exploit basic weaknesses in your IT systems and software. Cyber Essentials shows you how to address those basics and prevent the most common attacks. The scheme is designed by Government to make it easy for you to protect yourself.

Achieving Cyber Essentials certification can seem daunting to organisations that are new to the world of frameworks, standards and certifications.

Meeting the scheme’s requirements can be challenging without the appropriate in-house expertise. Using the services of a Cyber Essentials Practitioner such as Lithium can:

  • help you complete the Cyber Essentials questionnaire;
  • assist you in defining the scope of Cyber Essentials certification;
  • deliver policies and procedures to comply with the scheme;
  • adequately prepare you for certification.

To find out more please visit our partner website – www.cyber-essentials-scotland.co.uk

Security Audits

Network security audits are important because they help you identify your biggest security risks so you can make changes that will protect your company from those risks.

Drawing on our years of experience, we can help your organisation or business by evaluating its IT assets, reviewing your security policies and procedures, performing a risk assessment and finally conducting an evaluation of your firewall, which includes an external penetration test.

You will then be presented with a detailed report telling you what we found along with a comprehensive list of recommendations and follow-up actions.

Contact us to schedule a network security audit today!

Cisco Umbrella

Umbrella, from Cisco, provides a low-cost web filtering solution that uses the cloud to provide two major benefits to companies of any size.

  • Undesirable or questionable websites, such as pornography or gambling sites, can be blocked at a company-wide level, enforcing your company's acceptable usage policy.
  • Umbrella also provides cloud intelligence – blocking visits to sites likely to host malware, and stopping communication with botnets. This provides an additional line of defence to complement your anti-virus and is crucial in protecting against new threats such as ransomware.

Umbrella typically cuts subscription costs by as much as two thirds compared with comparable systems, while eliminating the need for additional hardware, maintenance, and expensive support agreements. This product can also be used to protect public or guest wireless networks.

If you would like to give it a try, with a free 14-day trial account, please get in touch.

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is administered by the PCI Security Standards Council (PCI SSC) to decrease payment card fraud across the Internet and increase payment card data security. Organisations that accept, store, transmit or process cardholder data must comply with the PCI DSS.

If you are a merchant, the PCI DSS applies to you. Even if you have subcontracted all PCI DSS activities to a third party, you are still responsible for ensuring all contracted parties are compliant with the Standard.

The Standard requires all applicable merchants and member service providers (MSPs) involved with the storage, processing or transmitting of cardholder data to:

  • Build and maintain a secure IT network;
  • Protect cardholder data;
  • Maintain a vulnerability management programme;
  • Implement strong access control measures;
  • Regularly monitor and test networks;
  • Maintain an information security policy.

Useful information

  • Payment Card Industry Data Security Standard

GDPR Advice

The European General Data Protection Regulation (GDPR) is replacing the Data Protection Act 1998 (DPA) on 25 May 2018 and, in doing so, will introduce heavy fines for all organisations that hold personal information and are involved in a data breach.

Under the new laws, non-compliant companies will be fined a maximum of 4% of annual global turnover or £20 million. In addition to this, parties affected by data breaches caused by your company are entitled to file for compensation.

If your company holds personal information and is planning to undergo a General Data Protection Regulation (GDPR) assessment, or would like to, Lithium can be there to work with you every step of the way and help minimise the risk of fines in the near future.

Our advisors can work with you to risk assess your infrastructure and ensure it maintains a high security posture from the inside out. We can help you scope the areas of your network that need testing, perform an assessment and provide remediation advice where required.

Useful information:

  • Overview of GDPR
  • Accountability
  • Breach Notification
  • Fines