Just how confident are you that your organisation could stand up to a cyber-attack? Has your company had a risk assessment done?
OK, so you have an IT plan. You update your computers, have anti-malware and have an office firewall.
All good stuff, but does it actually keep you safe? How can you tell if you are missing a vital piece of protection whose absence would ruin your day (and possibly your business) in the event of a full-on attack?
Our advice is not to cross your fingers and hope for the best. Our approach is to undertake a risk assessment.
Risk assessment… why?
The risk assessment, which is made up of three parts, looks to identify:
- What assets need to be protected (what physical and information assets do you actually have?).
- What protection you have in place and how effective it is against known threats.
- Whether your organisation has a solid response plan in the event of such an attack.
The part which I often see neglected in this process is this: once this information has been collated and gaps or weaknesses have been identified, what steps should be taken to mitigate these risks?
The UK’s National Cyber Security Centre (NCSC) has considerable online resources which can help with the three parts of the risk assessment, as well as help to clarify the next steps to secure your crucial data assets.
Their “exercise-in-a-box” tool is a good first step for organisations who want to assess their current IT security and can make it clear what needs to be done.