Often charities and other similar organisations will put cyber security at the back of their mind due to preconceived notions regarding how long it takes to implement and the difficulty in managing it. However, vulnerability assessments are a great method of quickly and easily reviewing your IT security posture.

According to Forbes in 2021, 20.4% of all discovered vulnerabilities were either high-risk or critical-risk and likely to result in the compromise of services or data. Exploitation of these vulnerabilities is often trivial, however so is remediating. For businesses, the difficulties often lie in identifying vulnerabilities, which is where vulnerability assessments are incredibly useful.

What is a Vulnerability Assessment?

Vulnerability assessments are a systematic review of security weaknesses in an information system, looking at configurational issues and patching levels while offering remediation advice. By assigning severity levels to the issues identified, it allows you to fix the most important issues first, before moving onto lower severity problems.

Here at the ECRC, we offer affordable Cyber Security and Resilience Services through our free core membership, including three types of vulnerability assessments:

• Web Application Vulnerability Assessment – This service assesses your website and web services for weaknesses. The service reporting will describe in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses.
• Remote Vulnerability Assessment - Remote vulnerability assessments are focussed on identifying weaknesses in the way your organisation connects to the internet. Service reporting will provide a plain language interpretation of the results and how any vulnerabilities might be used by an attacker, as well as simple instructions on how any vulnerabilities might be fixed.
• Internal Vulnerability Assessment - The service will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data.

By regularly carrying out vulnerability assessments, you are ensuring no virtual back door is left open for a hacker to sneak through.

So, what should my company do now?

The impact of a successful attack can be devastating, but there are simple methods to protect yourself against these common attacks.

Here at the centre, we would advise you to do three things now:

1. Contact us to arrange a meeting to discuss providing a Vulnerability Assessment for your company.
2. Join our free core membership by clicking here. You will be supported through implementing the changes you need to make to protect your business and your customers.
3. We would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. As a free member we will take you as far as the CE accreditation process. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. And if you want to pay for the assessment, we can refer you one of our Trusted Partners – all regionally based cyber security companies that can help you become accredited.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Report a phishing attack

If you suspect a phishing attack, please report it to the Suspicious Email Reporting Services (SERS) set up by the NCSC at: report@phising.gov.uk

Text messages can be forwarded to 7726