Having an online presence is a crucial requirement for many not-for-profits, organisations and small businesses as it acts as a digital shopfront. Whether it’s being used for e-commerce, to collect financial donations, signing users up to receive content or for information purposes only, data is passing through it.

This presents opportunities for crooks to gain unauthorised access to your company and can lead to ransomware, phishing and distributed denial of service (DDoS) attacks to name a few. So just like physical premises, a virtual version also needs to be kept safe and secure from intruders, but this can often be overlooked due to limited knowledge on how hazards can arise.

Here to guide and support

The Cyber Resilience Centre for Wales (WCRC) is a not-for-profit organisation, where the police, academia and private sector work in partnership to help charities and small businesses improve their cyber posture. The centre provides guidance aimed at those with non-technical experience to ensure that every charitable organisation and SME in Wales can implement best practice security methods for effective protection against online crime.

This is done through our free Core Membership programme which offers resources, toolkits, cyber threat alerts, a monthly newsletter and more, to help the business community improve its awareness of the ever-changing risks and how to action measures for better protection against them. There are options to upgrade to other packages and affordable services are available for those wishing to further increase their cyber defences.

One of the said services is the First Step Web Assessment (FSWA) so let’s have a look at how it can help with identifying any potential vulnerabilities with your website.

What is the FSWA?

The FSWA is a health check for reviewing your online operations and ensuring your cyber security is strong against the threat of online attacks. It’s designed by our private sector experienced security to provide small businesses, SMEs, charities and other third sector organisations in Wales, with an initial website assessment. It also provides our cadre of Cyber PATH students an opportunity to further develop their skills under the strict management of our supervising team.

What does it involve?

You can only know for sure that your online operations are above board by putting it to the test. The FSWA is considered an initial ‘light touch’ website assessment but will give you a detailed overview of what you need to do to increase your cyber safety.

Navigating cyberspace can be confusing, but we’re here to make things simpler to understand, with an easy first step on the journey to better cyber resilience.

What the FSWA assesses:

·       Domain and DNS records

·       SSL certificates

·       Email protections

·       Security headers

·       Outdated components

·       Directory discovery 

·       Vulnerabilities shown through automated scan 

The FSWA is not:

·       An overhaul of the site to assess the full functionality and settings within the site

·       A detailed assessment of the site compared to the Web App Testing Service, which follows the OWASP methodology

This service offers high-level insight into the risks associated with continuing to present your website online. Our Cyber PATH student delivery team uses a collection of tried and trusted assessment tools and techniques to assess websites against current industry-recognised best practice.

Our team will assess your website against known vulnerabilities, issues with configuration, risks relating to the software and risks relating to your website’s functionality.

Please note that where a website has been built using a website builder, i.e. Wix, SquareSpace etc we will not be able to security test, as the testing will be against the platform as a whole rather than the specific site. These services regularly perform their own security testing of their platforms therefore external testing is strictly against their terms and conditions.

How much does it cost?

The price of the FSWA is £100, but for charities based in Wales with less than 50 employees, then there are a limited number of fully funded assessments available. This is one of the ways we can use monies from our partners to deliver services direct to those who need them mos. Please get in touch if you’d like to boost your cyber resilience and we’ll organise a consultation.