- How to avoid choosing obvious passwords – such as those based on easily discoverable information, like the name of a child.
- Not using common passwords.
- Where and how they may record passwords.
- Not using the same password that is used elsewhere.
- Not using variations of old passwords.
Our Cyber Security Services
If you're a business owner and are reading this, you're probably aware that you need to do 'more' but are unsure what that 'more' is.
Effective Cyber protection requires expert security knowledge, adroit understanding of the threat landscape and best practice remediation measures to intelligently protect your business. It's time to combat the ever-evolving and increasingly disruptive Cyber threats that your business faces, using the right information combined with our Cyber Security services.
Data protection is becoming a 'must have' for organisations. Without it, you could face huge fines, reputational damage and potentially business loss as a consequence of a data breach. Your Cyber Security plan should be focused around data protection, such as how you secure, restrict and prevent unauthorised access to critical data.
Advanced Protection
With Advancery's Cyber Security Operations Centre (CSOC) services, your business is proactively monitored for cyber threats. Our CSOC helps your business prevent, detect and respond to a large range of threats. The CSOC provides monitoring and alerting for all of your systems and infrastructure regardless of size or geography, enabling reduced risk and increased IT resilience.
Advancery employs the latest advanced vulnerability scanning tools available on the market to examine your software, devices, network and standard user behaviours to pinpoint any areas of concern.
Autonomous Pen Testing
Autonomous pen testing goes hand in hand with our patch management service, giving you a more comprehensive understanding of what software patches are being applied and why.
We test your network every month and as new threats emerge. This helps keep track of your organisation’s risk profile in near real-time. This is equivalent to hiring a team of eCPPT, OSCP, and OSCE certified consultants.
IASME Certification Body
Advancery partners with an IASME Certification Body, which means we're able to audit and certify SMBs against regulated benchmarks. IASME (which stands for Information Assurance for Small and Medium Enterprises) is an affordable and achievable alternative to ISO 27001. It allows small companies to demonstrate their level of cyber security and show they are taking good steps to protect customers’ information. This is critical for growing companies with ambitions to win more contracts.
A company’s cyber security can be improved and supported by training your key people. We advise our customers to obtain the Cyber Essentials certification as a baseline. CE is a government-backed scheme which is highly supported by the tech industry. It raises awareness of threats and vulnerabilities so you can take a greater responsibility in protecting your business against common cyber-attacks. Advancery has all the experience required to guide you through Cyber Essentials and Cyber Essentials Plus.
Antivirus
Antivirus software is a critically important element of your cyber security package. The options for your business are varied and we can help you determine which antivirus software is appropriate for your needs.
Our team will conduct a full consultation, including an assessment of daily operations and hardware. Once we fully understand the virus threats your business is facing, we’ll recommend an antivirus that will protect and maintain security as your business grows.
Patch Management
It’s essential for your cyber security to make sure that software patches are deployed as soon as they are available. Patches are often designed to close vulnerabilities, but the patch’s release may also alert hackers to this vulnerability’s existence. As such, time is of the essence!
Patch Management is critical as an ongoing managed IT service to maintain optimum cyber security. Our team reacts automatically when a new patch becomes available, taking prompt action to install, configure and secure the new update as seamlessly as possible.
Securing Accounts
Securing access to systems with a username and password has been commonplace for decades now. Known as single-factor authentication, the requirement of a username/password combination to allow access to a system is of course essential for information security within every organisation.
Every organisation should have a password policy in place to enforce specific requirements for length, complexity, and history, but you should also publish guidance for users on password best practice.
With the shift to hybrid cloud and cloud computing over recent years, many organisations now host their IT infrastructure within the cloud, making their systems much more accessible. This accessibility brings additional security risks as these cloud-based systems are prone to attacks. The systems themselves are not necessarily insecure, but the use of weak passwords from their users has vastly increased successful data breaches.
To combat this, an additional layer of authentication security is required in the form of two-factor or multi-factor authentication. Adding an additional layer of security combined with a password provides a much stronger authentication system. This second type of authentication is generally in the form of something you already have and may be an authenticator app on your smartphone, a physical access token or a one-time code sent by SMS text to a mobile phone. More commonly now, 'push' technology is used on apps where you simply click an Allow or Deny button from your phone.
Many recent high-profile breaches have not been down to vulnerable systems but rather a consequence of social engineering, specifically 'MFA Spamming' or 'MFA Fatigue'. This is where an attacker will gain a user name and password from a previous leak and then try multiple logon attempts, each of which sends an MFA request to the user. The user may, inadvertently or as a consequence of the repeated requests, simply allow one, which then authenticates the attacker. As such we no longer recommend the use of 'allow'/'deny' push features.
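The MFA fatigue pattern described above leaves a recognisable trace in authentication logs: a burst of unanswered or denied push requests for one user, sometimes ending in an approval. The following is an added example, not Advancery's tooling, that flags that pattern; the event layout, outcome names, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, outcome of an MFA push).
# The field layout and outcome names are assumptions, not a vendor log format.
SAMPLE_EVENTS = [
    ("2024-05-01T02:10:00", "alice", "denied"),
    ("2024-05-01T02:10:40", "alice", "timeout"),
    ("2024-05-01T02:11:15", "alice", "denied"),
    ("2024-05-01T02:12:05", "alice", "timeout"),
    ("2024-05-01T02:12:50", "alice", "denied"),
    ("2024-05-01T02:13:30", "alice", "approved"),  # approval right after a burst
    ("2024-05-01T09:00:00", "bob", "approved"),    # ordinary sign-in
    ("2024-05-01T09:30:00", "carol", "denied"),    # single mistaken prompt
    ("2024-05-01T13:00:00", "carol", "approved"),
]

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users who receive `threshold` or more unapproved pushes inside
    `window`, and record whether an approval followed the burst."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved pushes
    findings = {}
    for stamp, user, outcome in sorted(events):
        when = datetime.fromisoformat(stamp)
        pushes = recent[user]
        # Drop unapproved pushes that have aged out of the window.
        while pushes and when - pushes[0] > window:
            pushes.popleft()
        if outcome in ("denied", "timeout"):
            pushes.append(when)
            if len(pushes) >= threshold:
                finding = findings.setdefault(
                    user, {"unapproved_pushes": 0, "approved_after_burst": False})
                finding["unapproved_pushes"] = max(finding["unapproved_pushes"], len(pushes))
        elif outcome == "approved":
            # An approval while the burst is still in the window is the worst case.
            if user in findings and len(pushes) >= threshold:
                findings[user]["approved_after_burst"] = True
            pushes.clear()
    return findings
```

A finding with approved_after_burst set is the case to treat as a likely account compromise: revoke the session and reset the password rather than only alerting.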
Awareness Training
Research shows that human error is involved in more than 90% of security breaches. Teaching employees to detect and avoid cyberattacks isn’t easy but it is everybody's business. Inspire a culture of security awareness and reduce the risk of human error.
User security awareness training helps every employee in your organisation recognise, avoid, and report potential threats that can compromise critical data and systems, including phishing, malware, ransomware, and spyware. As part of the training, mock phishing and other attack simulations are typically used to test and reinforce good behaviour.
Advancery's Security Awareness Training helps your business fight phishing and other social-engineering attacks by providing users with scheduled or continuous simulation and training to understand the latest attack techniques, recognise subtle clues, and help stop email fraud, data loss, and brand damage.