Information Security consultancy and implementation

Enhance your Information Security: consultancy and implementation

CompliCIS is a name to trust for information security protection and compliance:

  • Gap Analysis: a review of your Information Security controls to ensure the company is managing the confidentiality, integrity and availability of its information assets in the best way possible.
  • Implementation of an Information Security Management System (ISMS) that will ensure compliance with ISO 27001.

An information security management system...

  • is for any business that is uncertain what they need to do to improve the security of their systems and protection of their data.
  • can and does apply to organisations of any size.
  • covers all bases when it comes to:
    • the main vulnerabilities a company’s information may have,
    • the main threats that aim to exploit those vulnerabilities, and
    • the controls – protections – that can be put in place to address the threats, by minimising the vulnerabilities.

CompliCIS has worked with many organisations across the UK – NHS Trusts to R&D Consultancies to Business Finance to Software Development – to ensure they achieve improved information protection, and have that externally checked by becoming certified to ISO 27001.

Protect your information – protect your business

The good news for small businesses is that they are not (currently) the top target of cybercriminals. Still, the statistics are quite frightening:

  • The number of small/medium businesses that reported having had data breaches is going up: from 54% in FY 2017 to 63% in FY 2019.
  • The FSB reports that 20% of their members had experienced a cyber attack against their business between January 2017 and January 2019.
  • The average cost of an individual attack is £1,300.

With an information security audit from CompliCIS, you will know whether your business is vulnerable to any of the more obvious ways to steal, destroy or even hold to ransom your data.

Some examples of the vulnerabilities your business may have, the threats looking to exploit those vulnerabilities, and the things you can do to protect against – mitigate – those threats, are:

VULNERABILITY

  • Your email system is not checking for malicious emails (the main route for ransomware)
  • Employees are not aware of the risks they are taking when they open a file from an unexpected email

THREAT

  • Ransomware attacks: installing software on your computer that encrypts the contents of your hard drive, then demanding money to provide you with the password to unlock it
  • Phishing Emails: emails that are trying to get you to click on a link to a web page, or open an attached document, either of which will result in malware running on your computer

MITIGATION

  • Malware detection software checking emails for known ransomware programs
  • Education: teaching the workforce to think about the email they are opening, before they open it: does it look genuine? Question every unexpected email – particularly if it looks like it is from a manager or colleague
  • Offsite backup: ensure your backups are made regularly and are not accessible from

VULNERABILITY

  • Your firewall has not closed all the ways to enter a computer or network from the internet

THREAT

  • Hacking: accessing a computer or network without permission. A hacker can use an open ‘port’ in the firewall to access your system and install malware, or steal your data

MITIGATION

  • Ensure all the ports that are not being used by your company’s IT systems are closed, so they cannot be used to mount an attack

VULNERABILITY

  • Not keeping your business software updated with the latest version

THREAT

  • The further away from the current version your software is, the more likely it is that a hacker has identified a way of bypassing the security on the old version of the software that you run, to get complete access to all the information held in that system – and do whatever they want with it

MITIGATION

  • For all your business-critical applications:
    • Watch out for messages from the supplier about software security patches and feature updates
    • Always update to the latest version of the software, as soon as you are able

VULNERABILITY

  • Not setting your operating system to automatically update with the latest security patches

THREAT

  • There are two types of operating system update:
    • The first is a Feature Update, so that your hardware and the software you purchase for it can run better with additional features now provided by the operating system. If you don’t update the operating system, it won’t matter until you want to use software or a piece of hardware that uses one of the new features in a feature update you have not installed
    • The second is a Security Update. These updates contain ‘patches’. A patch is a repair of the operating system, to close a loophole in the security protections built into your OS. Just as the software

MITIGATION

  • For all your business-critical applications:
    • Watch out for messages from the operating system supplier about software security patches and feature updates
    • Ensure your computer is set to install security patches automatically – find out, if you don’t know how to do this

Information Security Audit/Gap Analysis

  • Covers all areas of vulnerability – from systems to people, office security to remote working, legal compliance to supplier management.
  • Typically takes two days to complete the review.
  • A detailed report outlines where the business is most vulnerable and what can be done about it.

Benefits

  • Having a comprehensive Information Security Audit gives you an insight into where your information assets are most vulnerable, and need more protection, and where they are least vulnerable and are already adequately protected.
  • You can plan how to protect yourself most cost-effectively from the threats that really matter, rather than those you think do.

ISO 27001 certification

  • Requires the building of an Information Security Management System, or ISMS, that will:
    • document all the controls you have put in place that protect your information assets.
    • record how you have tested and verified the controls are working as they should.
  • The process will vary from company to company, as it depends entirely on the size and complexity of the business and the types of threat they are likely to face.

Benefits

  • Certification is a public demonstration that you have the best possible protections in place.

What next?

Request an Information Security Audit

Get ISO 27001 certification

Get in touch

Send us a message using the contact form or call us on 01458 839300 for a free quotation.