It is widely reported that two thirds of businesses now suffer a compromise of some sort on a monthly basis, many of which end up costing thousands or even hundreds of thousands of dollars to rectify, IF IT IS POSSIBLE AT ALL. Your business is no different; you just don’t know about it yet. An audit will identify weaknesses in your business and help you shore up the defences. Protect yourself now, for the same reason that you wouldn’t wait until your house burned down before you considered insurance.
A recent article in The Guardian states: “not only are small businesses now firmly in the crosshairs of cyber-criminals, they are fast becoming their favoured target – and are often woefully unprepared.” The cost of not doing anything can easily outweigh the cost of improving your defences, and the cost of doing nothing is rising by the day. Reports by the US National Cyber Security Alliance found that 60 per cent of small companies that suffered a breach went out of business six months after the attack.
The new EU GDPR regulations will establish a single set of data protection laws across all 28 European member states, replacing their own legislation by 2018. Data controllers now have to notify the appropriate supervisory authority within 72 hours. Fines of up to €20 million or 4% of global annual turnover, whichever is the greater, will be levied on companies that suffer a breach. Should the company cause any person to suffer material or immaterial damage as a result of a breach, that person will also have the right to claim compensation.
Oh, you think so? In the main, the board and small business owners ASSUME that the IT department is protecting them, but they are not. Information security is not an IT function, and whilst the best-intentioned IT consultants do their best to secure your network (they usually do it under the influence of a raft of misconceptions), many vulnerabilities are not actually in IT at all. For example, is it the job of the IT department to vet your staff? To organise clear-desk policies? To train users on social engineering attacks? Usually not!
Whilst we would love to say yes, there is no organisation anywhere in the world that is 100% protected. We are good at what we do, so we will aim to deliver the best risk-mitigation strategy possible, and that might even involve simply insuring against some risks. Either way, it will be based on a solid business case designed to protect your business future while you grow your future business.
Whilst the information that we want to protect is usually in electronic form, the attack surfaces extend into many other aspects of your business. To that end, our audits are not constrained to simply poking around at your network systems, but go far deeper and wider and encompass many non-IT-related aspects.
We work closely with IT consultancies in order to (a) test the security posture of their clients, (b) reduce the culture of blame on IT for what is essentially a non-IT function, and (c) monitor and maintain the mundane and finicky stuff that IT departments hate, such as virus guards and backup systems. But one thing we are definitely NOT is an IT support company; we leave that to you and simply work with you to improve defences.
The consultants at Unity Metrix are specialists in their individual fields, with many years of experience and qualifications. We are very used to learning about, witnessing and clearing up compromised systems. We have broad knowledge of myriad security products, vulnerabilities, mistakes and consequences, and we spend every day dealing with things that your IT department might see only on rare occasions. That is why we are experts and why we will see the things that internal technicians often miss.
Yes, we can help. Our aim is to protect companies so that they never have to experience the fallout of an attack, but in that event we do have the facility to help to get you back on track.
We can help draw up disaster recovery plans (DRP) for your business. We can also help with contingency planning, to help keep you running in the event of a system failure. In fact that is our raison d’être, just to keep your business running, period!