Cyber Security

Securing and protecting data is an essential requirement for all businesses, irrespective of their market sector or size. The challenge for many, however, is implementing and maintaining a level of information security that is appropriate to them. This can be achieved by adopting an approach to information security management that is based on continuous improvement and regular review – a management system. It is important to note that no two information security management systems (ISMSs) will be the same, due to organisational differences in the actual and perceived values of information, business goals, risk appetites, demands by customers/regulators etc.

Your ISMS should be tailored to you and reflect your organisation, how you work, the terminology you use and be part of business as usual.

How do we achieve this?

Understanding your business goals/objectives

Our first goal is to understand what your organisation’s mission is, what your business objectives are and where information security fits into these. It is important to assess what the impact would be on your organisation if you suffered a loss of confidentiality, integrity or availability of your key information, and to understand what your risk appetite is. Our approach is based on ensuring that information security is fully embedded and integrated into the day-to-day management of your business and is not a stand-alone function.

Adopting a risk-based approach

This is the area where we believe we can add the greatest value to an organisation. We have been developing and honing our risk assessment methodologies and software tools to enable you to identify, in a scientific but practical and pragmatic manner, where your greatest information related risks are. By adopting such an approach, you will be able to save time and money by prioritising and implementing controls (technical, people, policy and process related) which are appropriate and relevant to you and that bring the greatest benefit.

Specialists in ISO 27001, PCI DSS and Data Protection

Having been involved in implementing ISO 27001, the International Standard for Information Security, since its inception, we believe we have unrivalled insights into the Standard’s requirements and how best to satisfy them. We strongly believe that with its risk-based approach and emphasis on continuous improvement, ISO 27001 provides an ideal and pragmatic information security framework for any organisation and the perfect internal and external demonstration that you take information security seriously.

Assisting organisations to comply and certify to this Standard is undoubtedly one of our distinctive competences and we, alongside our partners, have a track record of over 150 successful projects. We can offer you a service which matches your skills, resource availability, budget, timescales and aspirations. This includes full lifecycle services or assistance with specific aspects such as identifying and valuing assets, conducting risk assessments, developing policies and processes, conducting audits and developing and delivering security awareness programmes. We also regularly hold free seminars with our partners on implementing ISO 27001.

In terms of our expertise with the Payment Card Industry Data Security Standard (PCI DSS), Liit’s security partners have been certified by the PCI Security Standards Council (SSC) as Qualified Security Assessors (QSAs) to assess organisations’ compliance with the Standard. Our approach means we are also ideally placed to offer advice and guidance on courses of action you can take to best meet the requirements of the Standard, in a manner which works for you. In our experience, there are significant levels of confusion around the Standard and we are able to help you navigate it by understanding your current compliance status, how to achieve and validate your compliance and, most importantly, how to reduce the burden of compliance.

Compliance with the Data Protection Act is another area of our expertise. Here, our team of experienced Data Protection practitioners can not only assess your current levels of compliance with the Act and how adequate and reliable your measures are, but they can advise how to make any improvements and also advise on what you need to do about General Data Protection Regulation (GDPR).

Cyber Security has never been so important. Liit offers a range of services to help keep your business and your data safe.

Managed Anti-Virus / Email & Web Filtering

All business networks of any size require managed anti-virus to help protect against malware, trojans and spyware. This should be mandatory. Our managed anti-virus will provide a level of protection against many threats, and even if it is unable to successfully neutralise a threat, it will send alerts where manual intervention is required. With approximately 200,000 new malware strains detected every day on average, it’s important to keep the anti-virus up-to-date. Our managed anti-virus will alert us if a device hasn’t received its updates, so we are able to take corrective action. We can remotely push any updates to devices, configure deep scans to run immediately and manage any potential false negatives, all without having to disturb the user from their work.

Most cyber threats today originate from the web, which goes hand-in-hand with our reliance on web-based applications. Sophisticated threats such as social engineering and trojans can often trick staff into thinking they are on a genuine website. Having a web filter will not only assist in blocking access to dangerous websites, but can also increase productivity by preventing staff from accessing social media, gambling or shopping websites.

Contact us to find out more.

Penetration Testing

Penetration testing (also called pen testing or ethical hacking) is the process of probing for vulnerabilities in your business’s IT systems. A trained security expert attempts to hack your systems in order to find any potential weaknesses that need to be strengthened. After a penetration test is performed, a report is generated listing the exploits and potential weaknesses found, along with the advised remedy. Liit can also provide services to address the issues and plug any security holes post-test.

Why is penetration testing important?

Having an assessment of the security of your business IT systems is essential in order to understand and strengthen its weaknesses. With new exploits being discovered on a daily basis, it’s important to have the test carried out by a trained security expert rather than relying on automated tools, which cannot adapt to the vulnerabilities they find in the way a real attacker would.

To protect your business data, you should regularly conduct security testing in order to:

  • Identify security flaws so that you can resolve them or implement appropriate controls;
  • Ensure your existing security controls are effective;
  • Test new software and systems for bugs;
  • Discover new bugs in existing software;
  • Support your organisation’s compliance with the EU GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, and other relevant privacy laws or regulations;
  • Enable your conformance to standards such as the PCI DSS (Payment Card Industry Data Security Standard);
  • Assure customers and other stakeholders that their data is being protected.

Contact us to arrange your Penetration test.

Cyber Essentials

Cyber crime is fast evolving and sits at the top of every organisation’s technology risks. In conjunction with CESG, the information security arm of GCHQ, the UK Government has developed the Cyber Essentials Scheme for organisations of all sizes looking to confirm they have correctly implemented cyber security controls. Through the Scheme, your organisation can verify its cyber security protection measures across 10 key areas.

In essence, these 10 areas cover the following 5 mitigation strategies against cyber risks:

  • Boundary Firewalls and Internet Gateways
  • Access Control
  • Secure Configuration
  • Malware Protection
  • Patch Management

Businesses with the Cyber Essentials accreditation show that certain basic security measures have been taken in order to protect the business systems and, more importantly, its data. The accreditation tells potential customers that the organisation is taking their data protection seriously, as all businesses should.

Liit can implement the security controls required for Cyber Essentials accreditation and also arrange the steps needed to take you through to receiving your accreditation.

The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government's 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Source: www.gov.uk

Why certify to Cyber Essentials?

Gaining the Cyber Essentials Certificate can provide your organisation and your stakeholders with the confidence that your cyber security controls have been correctly implemented and that you have successfully taken the first steps in securing your assets against cyber threats. Cyber Essentials is a proven, cost-effective option for organisations of any size to establish basic cyber security and to demonstrate that the cyber security issue is taken seriously.

If you want to secure specific Government contracts relating to the handling of sensitive data and the delivery of a range of IT products or services, Cyber Essentials certification is a mandatory requirement. It is also a prerequisite for organisations who wish to elevate their certification to Cyber Essentials Plus, a more in-depth security certification for businesses that require a more comprehensive assessment (such as the financial sector).

Contact us for further information on the certification process, or to request information regarding registration for certification.

Security Awareness Training

Cyber criminals will always target end users and, even with the best security system in place, end users will still need to be aware of any possible threats in order to avoid them. Ongoing cyber security education and training for employees is a must for businesses to stay secure.

Security Awareness Training is an education process that teaches employees about Cyber Security, IT best practices and even regulatory compliance. A comprehensive security awareness program for employees should train them on a variety of IT, security, and other business-related topics. These may include how to avoid phishing and other types of social engineering cyber attacks, spot potential malware behaviours, report possible security threats, follow company IT policies and best practices, and adhere to any applicable data privacy and compliance regulations (GDPR, PCI DSS, HIPAA, etc.).

Although businesses may feel their employees wouldn’t be fooled by something like a phishing scam, cyber criminals still use this attack method because it continues to be successful.

With regular training for employees that includes phishing simulations, courses on IT and security best practices, and data protection and compliance training, businesses can significantly reduce risk, decrease infections and related help desk costs, protect their reputation by suffering fewer breaches, and secure their overall cyber security investment.

Contact us to arrange your security training.

Network Assessment

Having full knowledge of what your business network looks like now – an understanding of the shortcomings and the security risks, along with a detailed picture of the computers, servers and network running in your business – is an invaluable tool to enable you to make decisions on where the budgets should be focused and where the improvements can be made.

Download example network risk assessment

Contact us to arrange your network risk assessment to identify any weaknesses and where attention is required.

Endpoint & Application Behaviour Security

A complete endpoint security solution for your business’ needs.

Is your business looking for threat protection, remediation, incident response and the benefits of a Security Operations Centre (SOC)? Fortify for Endpoint Security monitors your IT environment, detecting malicious threats and quickly remediating the attack, with 24/7 support from our experienced SOC. Get protection against everything from multi-variant ransomware attacks to the latest crypto-mining infiltrations with advanced endpoint threat management from Liit, coupled with SOC monitoring and remediation services that stop active threats and minimise harm. All of this is backed by a $1m (£800,000) ransomware warranty.

Key benefits include:

On-demand security operations

Threats and attackers target SMEs just as they target large enterprises, using the same tactics. We provide a Security Operations Centre (SOC) that scales protection with your business, providing the staff necessary to drive threat remediation.

Simple deployment, always-available threat coverage

Our technology detects known and unknown threats using the latest behaviour-based technology, regardless of where your endpoints are deployed (office, home, airport, café, hotel, etc.).

Next-generation threat detection and remediation

Our solution incorporates patented threat identification and remediation technology to fully protect desktop and server environments for Windows, Mac and Linux, as well as virtualised servers in AWS, VMware, Citrix, VirtualBox and Hyper-V.

Ransomware peace of mind

A $1m (£800,000) warranty is included to cover ransomware costs in the unlikely event that the solution is unable to protect or remediate. While it is not likely that ransomware will ever impact you when using Fortify for Endpoint Security, it’s nice to know you are covered.

Complete SOC services

Implement advanced operations without the need for in-house security expertise. The complete Fortify SOC analyses quarantined applications and files, reducing false positives and ensuring comprehensive protection. We take care of the challenges of cyber security while you focus on your business.

Threat detection

Our solution rapidly recognises thousands of viruses and malware attack variants, including cryptomining attacks, as well as the root causes of these malicious behaviours, by quickly identifying and diagnosing corrupt source processes and system settings.

Response and remediation

When malicious behaviour is detected, Fortify for Endpoint Security will quickly roll back files to previous safe versions by tracking changes on your devices and restoring them to an acceptable risk state.

Next-generation Endpoint Security

Fortify for Endpoint Security utilises the patented SentinelOne platform for its unique malware detection and remediation technology. This solution incorporates the industry’s most innovative prevention, providing visibility into the root causes and origins of the threat, reversing the malicious operations and remediating them at speed as needed.

Password Managers

Password managers are becoming a crucial part of business security and productivity. A password manager enables you to store all business-related logins in the cloud, so that employees can access online sites without having to share and manage individual passwords. It also reduces the risk of a data breach by keeping passwords hidden: employees do not need to know a password in order to access a site, because the manager auto-populates the login fields. This results in increased productivity, as employees no longer waste time hunting around for logins, and increased security, because when employees leave the business their single account is disabled and all access is revoked. There is no longer a need to change the passwords for all the sites the business uses.

Contact us for more information on implementing a business Password Manager.

Dark Web Protect

Understand your business exposure on the Dark Web

Cyber criminals organise themselves on the Dark Web, planning and exchanging the tools and information that enable and propel attacks against businesses of all sizes. But you can get the upper hand and find out whether activities are being plotted against your business by getting informed about the leading indicator of an impending attack: leaked credentials. By using Dark Web reporting from Liit, your business will know which accounts and credentials are at risk of being used in an actual attack on your business email, website, internal network, desktops and laptop devices. Don’t become the next victim of cyber attackers. Get in touch to find out what your dark web risks are today!

Key Benefits

Reduced risk of account takeover, business email compromise and live hack

With deep insight into which business accounts are on the dark web and the duration of exposure, you can understand how much risk your business is exposed to and what you need to do in order to prevent a complete account takeover or business email compromise, either of which could result in significant financial losses.

Improved password policy awareness for both business and personal safety

Our technology surfaces not only the accounts that have been leaked but the passwords, too. In doing so, you can assess the efficacy of your password policy and inform the impacted staff of the need to adhere to the corporate password policy. Better still, implement a password manager to ensure all passwords adhere to a secure standard.

Improved awareness of threat actors and dark web activity

By using your domain as part of the dark web search for stolen credentials, we can get maximum coverage of business accounts on the dark web. In addition, we can surface the breach source and the timeframe in which the account was stolen, enabling you to better understand the impact of the breach on your business and what you should be doing to prevent these threat actors from using the stolen accounts.

How we do it better

Identify business accounts available on the Dark Web

Our Dark Web report offers detailed visibility into your business accounts that are in circulation on the Dark Web. The report uses the latest technology to include the email address, credential (unencrypted password), the date the credential was stolen and the source of the theft (i.e. breach). We take care of the hard part of sifting through the dark web records in order to refine your cyber security strategy to keep you focused on your business.

Continuous detection of credential theft

Our solution provides always-on detection of leaked or stolen credentials that appear on the dark web. By providing real-time visibility, we can help you stay one step ahead of the cyber criminals that want to take over your network, install ransomware and extort you over sensitive client records. We always sleep with one eye on the dark web so you can sleep peacefully.

Support password policy awareness for both business and personal safety

By enabling client password visibility, you can quickly determine which accounts are not abiding by the password policy. This not only helps to bolster better password practices at work, but also raises awareness of the need to keep work passwords separate from personal accounts.

ISO27001 / ISO22301 / BS10012:2017 Certification

ISO27001 Information Security Standard – Protecting personal records and commercially sensitive information is critical. ISO/IEC 27001 helps you implement a robust approach to managing information security (infosec) and building resilience.

ISO22301 Business Continuity Management – Understand and prioritise the threats to your business with the international standard for business continuity. ISO 22301 specifies the requirements for a management system to protect against, reduce the likelihood of, and ensure your business recovers from disruptive incidents.

BS 10012 Personal Information Management – Protecting personal information has never been so important. As legal requirements such as the European General Data Protection Regulation (EU GDPR) are developed and enforced, organisations need to demonstrate that they take managing privacy seriously. And that’s where BS 10012 can help.

ISO/IEC 27001 is an international Information Security Management System (ISMS) standard which was first published in October 2005 before being revised and updated in 2013. Along with ISO 27002 (Code of Practice), ISO 27001 provides organisations with a best-practice framework for managing their information security. Achieving certification, which entails an external assessment of the ISMS by a certification body, provides you with the most effective means of demonstrating your information security commitment and capabilities to clients and to internal and external stakeholders.

One of the key features of ISO 27001 is that it is risk based. The implementation of controls (technical measures, policies, processes etc.) is not prescriptive but is determined by an information risk assessment taking into account your risk appetite and the information you are seeking to protect. The goal with ISO 27001 is achieving an optimum balance, where the mandatory management system requirements of the Standard are being met while ensuring that your ISMS is tailored as fully as possible to your organisation’s size, culture and business objectives.

Achieving this optimum balance is where Liit and our partners excel. We are able to ensure that you gain maximum benefit from implementing ISO 27001 by virtue of our experience (150-plus certifications), consultancy expertise (all ex-information security managers with real-world experience and understanding of the challenges you face) and our purpose-designed risk management tool (Abriska). Our consultancy services come not only with a 100% certification guarantee, but with the assurance that any implemented ISMS will be tailored, appropriate and sustainable. Liit’s ISO 27001 consultancy services are also totally flexible, and our consultants can provide guidance and knowledge transfer across the full lifecycle or in specific areas, such as assisting with risk assessments, policies and procedures, awareness and education, and compliance with legislative and regulatory requirements, including the Data Protection Act. Support will be tailored to your specific requirements and is often dependent upon your internal expertise and its availability, timescales and budgets. Liit and our partners also have a team of highly skilled and experienced auditors.

If you are looking to comply or certify with ISO 27001, we can provide you with two free sources of practical advice. Liit and our partners have joined together with BSI (the UK’s No. 1 Certification Body) to deliver half-day ISO 27001 implementation seminars which provide real-world insights on pitfalls to avoid and top tips for ensuring a successful outcome. The content of these seminars is based on the cumulative experience of our partners and BSI in implementing and assessing hundreds of ISMSs over the last 10 years, and the focus is on ‘how to’ certify.

In addition to attending the free ISO 27001 seminars, which are held approximately every 6 weeks across the UK, you can also take advantage of Liit and our partners’ free ISO 27001 health checks. The half-day health checks are aimed at organisations looking to certify to ISO 27001 that wish to benchmark what they currently have in place against the requirements of the Standard. Following the health check, which is delivered by our senior consultants, you will receive a high-level report and graph indicating the maturity of the key components of your ISMS. The health check provides you with a perfect way of understanding your current compliance status, where your development priorities lie and the likely timescales and resources you will require in order to achieve certification.

BS 10012 is a British management system standard which has been developed to enable organisations to implement a personal information management system (PIMS). This provides a framework for maintaining and improving compliance with data protection legislation and good practice. The framework will help you to manage risks to the privacy of personal data and implement appropriate policies, procedures and controls. In March 2017, BSI updated this Standard in response to the introduction of the European Union General Data Protection Regulation (GDPR). Article 42 of the GDPR encourages the “establishment of data protection certification mechanisms… for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors”. This is exactly what BS 10012:2017 is intended to offer.

BS 10012:2017 follows the ‘Plan-Do-Check-Act’ continuous improvement model and is aligned to ISO Annex SL, adopted by all key management system standards, enabling organisations to integrate their PIMS with other standards, notably ISO/IEC 27001:2013. It is also a standard which organisations can now certify against.

By implementing and certifying your PIMS against BS 10012:2017, you will be able to:

  • Demonstrate your commitment to protecting client and stakeholder personal data
  • Identify risks to personal information and implement controls to mitigate them
  • Use the management system as part of a privacy compliance framework to demonstrate compliance with the GDPR and the revised UK Data Protection Act
  • Benchmark and continually improve your management of personal data against recognised best practice
  • Protect your reputation and minimise adverse publicity
  • Gain competitive advantage when seeking and retaining business.

As stated above, BS 10012:2017 has been drafted using the rules specified for management system standards in the ISO Directives Annex SL and shares the common structure and core text with standards such as ISO/IEC 27001:2013 and ISO 9001:2015.

With their wealth of data protection experience and expertise, Liit and its partners are uniquely placed to assist you to develop and implement a Personal Information Management System (PIMS) and achieve certification with BS 10012:2017. These services range from conducting a gap analysis (where one of our consultants will assess your existing PIMS and compare it against the BS 10012 requirements) to full lifecycle services. We can also offer a readiness assessment service for those organisations seeking certification. With the full lifecycle implementation services, Liit and its partners can assist you in meeting requirements such as:

  • Understanding and documenting the context of the organisation (including determining the scope of the PIMS)
  • Demonstrating leadership and commitment with respect to the PIMS (including establishing a PIMS policy)
  • Planning actions to address risks and opportunities (including defining a data inventory and data flow analysis process, a Data Protection Impact Assessment (DPIA) process and a risk treatment process)
  • Determining and providing the resources needed for the establishment, implementation, maintenance and continual improvement of the PIMS
  • Implementing the PIMS (including conducting risk assessments and ensuring the organisation meets the principles and requirements of the GDPR* e.g. to ensure that personal information is processed fairly and lawfully and in a transparent manner)
  • Evaluating the performance of the PIMS (including conducting internal audits and management reviews)
  • Continually improving the PIMS (including implementing corrective and preventive actions).

*For more information on meeting the requirements of the GDPR, contact us.

ISO 22301 is a Business Continuity Management System (BCMS) Standard which provides an effective means of assuring yourselves and your stakeholders of your commitment to business continuity and that you have adopted best practice.

When implementing a BCMS, an essential ingredient is that you are following a process of continual improvement. A key activity within this process is performance evaluation, i.e. is your BCMS operating as you intended and as required? Auditing and review is one of your performance evaluation mechanisms. The auditing process is an ongoing activity, irrespective of whether your organisation is certified or not.

The biggest challenge faced by organisations when it comes to the auditing process is resourcing: ensuring you have sufficient and suitable resources to manage the audit programme and conduct the audits. Auditors need to have the skills and knowledge to conduct effective audits. This means that they need to be able to audit specific business continuity processes, e.g. business impact analysis, plans or exercising, and may need to visit geographically diverse locations in order to put documents in the necessary context. Auditors therefore need not only to be available to travel, but also to be able to demonstrate a level of independence from the area being audited. The people most likely to have sufficient knowledge of business continuity, and therefore (assuming they also have audit skills) to be the most appropriate auditors, often have a conflict of interest and may not be able to conduct the audit. There is also the additional burden of conducting audits of third parties who form part of the supply chain.

Having been involved in various Business Continuity (BC) projects and conducted numerous BC audits both internally and of third parties, we are ideally placed to assist organisations with their auditing activities. We can support the development of an internal audit programme and/or provide access to one of our audit specialists to conduct the audits. Where we conduct the audit, if desired, we will encourage your staff to shadow our auditor as part of our knowledge transfer philosophy.

Naturally, the audits will be bespoke to your organisation and can include the operation of the management system (e.g. document management procedures and corrective actions process) or the business continuity processes (e.g. business impact analysis, plan maintenance or plan exercising).

Our BCMS audit services can also extend to auditing third parties on your behalf e.g. verifying business continuity capability, plans and competencies.

We manage the full ISO 22301 internal audit process for a number of clients and would welcome the opportunity to discuss your requirements with you.

Microsoft 365 Security

The Microsoft 365 platform is one of the platforms on the internet most targeted by hackers. Millions of bots exist purely to try to gain access to user accounts in order to initiate high-level scams, deploy ransomware or lock the business out of its data. There are many aspects to using Microsoft 365 securely, which all businesses should apply as best practice to keep their data as secure as possible. Liit offers a range of software and services to set up security and counter the threat of data breaches. Being proactive rather than reactive in security could mean saving thousands in litigation expenses if your data is stolen and sold on the dark web, or avoiding a loss of productivity if the business succumbs to ransomware or is locked out of its systems.