Over 10 years we’ve helped companies reach their financial and branding goals. At Wordaloud we are a values-driven technology agency.

Contacts

66 Hatton Garden London EC1N 8LE, UK

info@wordaloud.com

+44 2082010490

Cyber Security Risk Assessment

  • Your Details
  • IDENTIFY: know your sector, know the trends
  • PROTECT: re-organise your defence.
  • DETECT: have some alarms in place in case of breach attempts
  • RESPOND & RECOVER: re-enforce your trenches, audit your armoury.

Your Details

  • First Name
  • Last Name
  • Your Email
  • Repeat to confirm
  • Company Name
  • Website (URL)

Identify the Risk - With the right tools and services, you can see and interpret everything that takes place on your network.

1. Do you have visibility of all connected users, devices, data and services across your network? For example, you can monitor network activity, see what devices have connected, who owns which device, what services are accessed by whom and when.

2. Is your approach to cybersecurity correctly aligned with the needs and objectives of your organization, taking into account regulatory and legal requirements?

3. Are you regularly performing risk assessments to measure your threat exposure (including those from your supply chain, users, business partners and customers)?

4. Are you correctly insured against any damage or loss from cybersecurity incidents, including employee negligence or insider threats?

5. Is your organization compliant with the industry's and/or region's cybersecurity operational requirements, as appropriate?

Protection is key - verify that the right information is accessed by the right people at any given time, and that old, unwanted or expired information is removed.

6. a) Do you centrally manage and monitor all user accounts and login events on your network? b) Can you monitor and manage all file permissions on your network to ensure that data sets are only accessed by active and authorized users?

7. a) Do you prohibit account sharing across all services and users as part of your information security policy? b) Do you control and monitor what applications your users are allowed to install and use? c) Do you have an up-to-date inventory of all third-party applications running on your system, including their patch level? d) Are you aware of any systems or devices in your environment that cannot be patched or updated?

8. a) Do you enforce best security practices, such as unique complex passwords, multi-factor authentication, and where advisable, single sign-on for users? b) Have you renamed or disabled default accounts and passwords for all devices, services and software, including IoT devices (e.g. smart white goods, wearables, digital assistants, etc.)? c) Do you employ a defence-in-depth approach to cybersecurity, e.g. multiple layers of security controls throughout your network and services?

9. a) Do you allow IoT devices such as digital assistants, smart white goods etc. to connect to your network? b) Do you prevent users from connecting non-authorized devices to your network (physically or wirelessly)?

10. a) Do you allow "Bring Your Own Device" (BYOD) at your organization and, if so, do you have an up-to-date policy to manage and control their access to your services and data? b) Do you allow users to access your network remotely (e.g. from home or while travelling), and are you confident the connection is properly authenticated, encrypted, and tracked? c) Are all users given regular cybersecurity awareness information and training, covering how to avoid the latest threats (e.g. malvertising, cryptomining, phishing, social engineering, and ransomware techniques)? d) Do you perform regular staff testing to identify poor security practices (e.g. simulated phishing attacks)? e) Do you ensure regular penetration tests, including vulnerability scans, are performed across all your systems, networks, and services (including third-party and cloud-based services)?

11. a) Can you remotely access, configure, audit, track and securely wipe any devices you allow on your network, even when they are outside of your network? b) If you provide guest access to your networks, do you provide segregation from your critical systems and sensitive data?

12. a) Do you track all systems, services, users, and contact lists to ensure anything unwanted or expired is deactivated or disabled? b) Do you have a reliable and regularly-tested backup and restore strategy for all important data and systems, with appropriate duplication and diversity of storage? c) Do you monitor all data leaving your devices and networks to prevent unwanted leaks (e.g. being copied to USB sticks)? d) Do you track that all operating system, device firmware, software and security patches are up-to-date and automatically updated where appropriate?

13. a) Do you encrypt all sensitive traffic? b) Do you encrypt all sensitive data? Are all devices and storage media properly encrypted and secured against unwanted access or theft? c) If you are storing any data in the cloud (e.g. AWS, Google, Office 365, etc.), have you used all available tools and best practices to harden its security? d) Are you regularly scanning all the data on your network, including backups and archives, to ensure it is not harboring malware and has not been tampered with? e) Do you have systems in place to ensure that all external services you provide (including websites, web applications and databases, remote login systems, etc.) are resilient to traffic spikes and distributed denial-of-service (DDoS) attacks? f) Do you monitor for insider threats, such as analyzing user activity to spot any anomalous behavior (e.g. logging in from an unusual location, accessing unauthorized files, etc.)?

14. a) Have you properly documented and regulated which users require access to which systems, data and other services (following the principle of least privilege)? b) Have you accurately documented your security procedures and policies and involved all the appropriate parties, including external business partners and the supply chain?

15. a) Is your email traffic being scanned to remove any malware, spam, phishing attacks, and other unwanted content? b) Is your web traffic being scanned to detect and block malicious, fraudulent, distracting or unwanted traffic? c) Do you have fully operational, correctly configured, patched and updated firewalls on your endpoint devices and at your network perimeter? d) Do you have up-to-date, good quality malware protection installed, active and updated on all devices that access your network?

Detect - Have a functioning alerting system and don't get complacent at reviewing alerts

16. Have you an automated alert system to inform key IT personnel of unwanted behavior or activity on the network?

18. Are your security monitoring systems correctly configured to produce accurate, informative and easily accessible logs?

19. Do you secure your logs (using encryption, archiving, reliable backups, tamper prevention) as well as monitoring their access?

Respond & Recover - Find out what services are affected and react quickly

20. Do you regularly test your incident response plan to ensure that it is not only up-to-date and effective at mitigating dangers, but that it is also easily understood and actioned by all parties?

21. Does your incident response plan include coordinating with your business partners, users, customers and where necessary law enforcement?

22. Have you created and maintained a comprehensive incident response plan to help guide your action during an unwanted cybersecurity event?

23. Should a cybersecurity event take place, can you ensure that any restoration processes are properly coordinated with affected partners, users, customers and law enforcement?

24. Does your incident response policy include a post-mortem plan so that you can learn from a cybersecurity event and incorporate any lessons learned?

25. Do you regularly test that you are able to quickly repair or restore any data, devices or services that may have been compromised by a cybersecurity event?

What kind of budget does your company have to alleviate the most crucial concerns that you stated above?

We run group sessions to help our clients keep up to date with security issues. This eliminates panic over most minor concerns and helps you understand the evolving changes in cyber security. We do this every quarter. Which sessions would you be available to attend?