Cyber security is vital to protect the assets of any business, but the Alternative Investment sector is a prime target. Recent market figures suggest that in 2020, in the financial sector, there was an increase of over 200% in cyber-attacks. Due to the market sensitive information and large amounts of capital that financial businesses handle a breach can be very serious and costly.
We have more than 15 years of experience working in the financial sector and cyber security has always been and remains our top priority. As technology continuously evolves, we use the latest technology to keep your business safe. In order to do this, we offer a number of services and tools to defend against a breach of important and sensitive information.
Passwords are a good form or security however many people use passwords that are easy to remember which can often also make them easier to crack. As soon as someone else has your password they will have access to the same resources as you.
By using a Multi-Factor Authentication (MFA) you are adding in another layer of protection. You can get them through an RSA token or use a mobile phone authenticator. A password alone is no longer enough to protect your assets and an attack is far less likely to be successful if you also have MFA in place.
Endpoint protection is a way to protect against known and unknown malware, viruses, and malicious code. It protects endpoints against network attacks on both known and unknown networks. It will also monitor compliance of the device and ensure it’s aware of the latest cyber security threats.
Stopping threats from reaching the end user is paramount as the user is the last line of defence against most cyber-attacks. Email is now, more than ever, the most popular attack vector for phishing, and data and credential theft.
Stopping these email attacks is therefore an obvious choice with a wide variety of vendors available.
Intrusion Prevention Systems / Latest Firewall Security.
If you have services exposed to the Internet, malicious code can be used to attack a wide variety of applications to gain access to them, such as Microsoft Exchange Server.
An IPS can prevent those attacks by analysing the traffic reaching the application and stopping the connection if determined to be malicious.
Ensuring the latest IPS signatures and firewall security measures are in place can prevent such an attack.
Mobile Device Management.
Managing the mobile devices that access your environments is paramount to ensuring that your business has a secure environment.
If you secure the company devices accessing your data, why wouldn’t you also secure how it is accessed from a mobile phone or any other device when commuting or working remotely.
Ensuring that devices are still supported by their vendor, receive updates, and are secured, encrypted and safe to use gives you the additional insight and piece of mind that devices being used across your business are secure.
If devices containing company data are not encrypted, the storage within them can be accessed without any additional access controls. Therefore, if such a device is lost or stolen, the devices data is also compromised.
Device encryption prevents this with a minimal performance impact and ensures that the data on the device is unreadable without the correct access details through username/password, PIN or biometrics.
Vulnerability scanning helps with detecting missing or insecure device configurations, verify if patches are installed correctly, highlight weaknesses in those devices and produce a final report that prioritises action points based on severity and risk.
Dark Web Monitoring.
If users are utilising credentials leaked on the Dark web, it puts your company data at risk to a breach.
Monitoring of the Dark web through third party services alleviates any risk of doing this yourself but also provides you with real-time monitoring and monthly reporting of breaches.
This gives you an early warning that users may then need to update their password in response to a website breach for example.
As part of the Dark Web Monitoring service we are also able to provide regular simulated phishing campaigns to the end users within our clients business.
We find that awareness courses are great and heighten awareness of end users however as these are usually completed once a year it’s natural for the awareness to fade over time, especially in a fast pace and demanding environment.
Being able to send simulated phishing emails in a sophisticated way and be able to report on the engagement and action of the end users gives opportunity to keep focus on security and remediate any issues that have been identified.
Data Leak Prevention.
If you routinely handle sensitive information such as passports, payment details or other PII, this information in the wrong hands could lead to ID theft and fraud.
Ensuring you have measures in place to prevent deliberate or accidental data leak, usually in the form of a security agent on devices, can scan outgoing data and notify compliance teams or administrators of possible leaks and block them before they occur.
Typical web filtering usually entails the blocking of unwanted content or productivity inhibitors.
However, web filtering can also prevent security risks such as data leaks, the use of alternative cloud storage platforms or malicious websites.
Alongside providing each of these important cyber security services to our clients we also provide a training service. Using easy-to-digest training our service aims to educate your employees on the steps required to ensure that your business is fully protected from cyber threats.