Financial and property firms are highly attractive targets for cyber criminals. This is due to the large amount of money they process and their possession of highly sensitive data. For a small business entering these industries, it is important to have all bases covered when it comes to cyber security. This begins with understanding that no matter the size of your business, you are still a target. Many cyber criminals are opportunists; like a car thief trying the door handles of every car on the street, many hackers are not targeting you as a victim, but your vulnerabilities and unlocked doors.
The next step is to identify the vulnerabilities of your organisation. Human vulnerabilities can be combatted through education: making sure all staff are trained to recognise the signs of a potential scam and feel confident questioning and reporting any suspicions. The physical vulnerabilities of your company are your systems, websites and social media pages. It can be difficult to know where to begin strengthening these, particularly if your specialty is non-technical. A First Step Web Assessment can be a great option to start with.
What is a First Step Web Assessment?
An FSWA is one of the affordable student services offered by the ECRC. The centre delivers these through university students on the CyberPATH scheme. Through CyberPATH, students are trained and monitored by senior ethical hackers to provide a selection of cyber services to businesses, which supports the future cyber talent skills pipeline and keeps the cost to a minimum.
A First Step Web Assessment is considered a ‘light touch’ service. It focuses on reconnaissance, which is the first stage an attacker would undertake to identify a vulnerable website, using a combination of active and passive techniques. Passive reconnaissance focuses on the information that can be extracted from your site without actively engaging with it. These processes will identify any sensitive data exposure or outdated components of your site. The FSWA also performs automated scans to identify additional vulnerabilities. The assessment is not hugely in-depth and instead focuses on what can be identified from a high-level overview.
What FSWA looks at:
• Domain and DNS records
• SSL certificates
• Email protections
• Security headers
• Outdated components
• Directory discovery
• Vulnerabilities shown through an automated scan.
At the end of the assessment, you will be issued with a short non-technical report of roughly 2-3 pages, detailing the risks to your site and the suggested mitigation measures. This service is not as in-depth and thorough as some of the others that the ECRC provides, but it is of minimal cost and a great step to take at the beginning of your journey towards improving your cyber resilience.
Becoming a free member of the ECRC ensures that you are supported through implementing the necessary changes to improve your cyber resilience. As well as affordable student services, the ECRC can signpost you towards various free tools and resources that exist to help SMEs improve their cyber security.
Additionally, becoming a free member enrols you onto our ‘Little Steps’ programme, a weekly email series designed to drip-feed you accessible and actionable suggestions for increasing your cyber resilience. Delivering this through short emails allows you to consider the status of your cyber security alongside other priorities and commitments.
The ECRC offers several other affordable cyber services in addition to the FSWA. These can be found on our website. They are an affordable resource for businesses to consider, but they are by no means an expectation or prerequisite of becoming a free member.
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation that is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which isn’t ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).