Birmingham 0121 647 6565
London 0207 871 9995
Email info@cygnia.co.uk

GDPR

Data Protection law will change on 25th May 2018 with the introduction of the General Data Protection Regulation (GDPR). With fines for non-compliance reaching as high as 4% of global turnover, GDPR is designed so that it will never be cheaper to suffer a breach than to secure your network.

The summaries on this page are designed to give you an overview of what the new law entails, but most organisations will need the help of dedicated experts to ensure compliance.

As a starting point it is important that those in charge of data protection can respond positively to the following questions:

  • Are you aware of what the GDPR encompasses?
  • Would you know if your data had been breached or accessed by an unauthorised party?
  • Would you be able to investigate what had gone wrong and fully report on what data had been lost within 72 hours of discovery?
  • Do you know the location of all the Personally Identifiable Information on your network, and that it is stored securely?
  • Do you have positive consent for all the data you hold on your network?


Cygnia Technologies are dedicated to helping businesses maintain a high level of cyber security. Some organisations will have a lot to do to ensure their compliance with this regulation, and the scope can seem overwhelming. Cygnia are ready to help these organisations with advice and with the implementation of procedures and technologies, to make sure the maximum fine is avoided and their overall cyber security is comprehensive.


GDPR Readiness Audit

The purpose of the GDPR Readiness Audit is to identify key areas of risk in relation to privacy and information rights for the forthcoming General Data Protection Regulation (GDPR).

The analysis exercise is conducted on site, typically for one day, by a Data Protection expert. The consultant will assess your business processes against the current legislation and provide professional guidance and advice where risks have been identified. Issues that will be addressed include:

  • Improve your understanding of how the new law will affect your business
  • Understand where you are in relation to accommodating the new laws
  • Understand your use of data and where it resides on your network
  • Revise or introduce plans to bridge the gap from where you are to where you need to be
  • Ongoing measurement and management of compliance with GDPR regulations

GDPR Cyber Security Review

The GDPR Gap Analysis Review audits and tests the overall security of the organisation. It is designed to look at how an attacker may get in and how vulnerable the organisation’s systems are. The review can be as comprehensive as needed and include:

  • A physical test to see whether someone accessing IT equipment such as laptops and desktops would be challenged.
  • Physical site audit, taking into account how easy it is for someone to enter and move around the building with little or no permission or using a false identity.
  • An interview with the IT / Security / Network Manager regarding security measures and procedures.
  • Analysis of Internal Systems – this would include a review of the password policy, the security around mobile and BYOD, assessment of business email including archiving and malware protection, remote working controls and user access controls for employees.
  • Assessment of end-user awareness
  • Network Assessment including patching, port controls and other protocols
  • Firewall Audit to review the installation of the firewall and the rule base. Recommendations will be made on security risks and performance improvements

Cygnia can also perform a vulnerability scan on externally facing infrastructure and produce a report highlighting any issues.

After the initial assessment you will receive a professional report with our findings and recommendations. The report will include an easy-to-understand, high-level action plan allowing you to implement any recommendations quickly without our help. If necessary, we can make a return visit to check on progress, but either way our goal is to help you reduce your exposure as effortlessly and quickly as possible. Our consultants will set out their recommendations and can create an action plan prioritising the order in which to tackle the tasks in hand.


Cyber Essentials

Cygnia offer certification against the Cyber Essentials Scheme, a government-led initiative designed to help companies defend themselves against the majority of cyber attacks. These are steps that all companies can take to prove they take cyber security seriously and ensure that neglecting the basics is not the cause of a major IT incident.

The scheme focuses on 5 main controls:

  • Setting up and securing boundary firewalls to prevent unauthorised access to the network.
  • Secure configuration including the removal of unnecessary account logons, software and default passwords. Auto-run features should be disabled, as should all unapproved connections.
  • Companies should implement a system of ‘least privilege’, meaning end-users can only access locations, files and applications that are needed for their day-to-day roles, and no-one should have permanent admin privileges.
  • Malware protection on the endpoints can create a barrier against a number of virus and malware threats. It is imperative that this protection is kept up to date in order to be as effective as possible.
  • Patch Management of applications can ensure that any security updates from developers are implemented on your systems. Criminals will target these known vulnerabilities to gain access to systems, and not patching makes this easy for them.

Breach Notification and Forensics

Once an attack has been detected, responding to a data-loss incident quickly and in an organised manner is paramount in containing a breach, limiting exposure, stemming losses and preserving evidence. With Cygnia’s complete suite of Data Forensics and Incident Response (DFIR) services, you can respond with confidence to a security incident knowing you’re backed by security professionals with decades of incident response expertise and experience responding to thousands of data security incidents.

Incident response and forensic services include:

  • Incident response readiness training
  • Incident response plan development
  • Insider threat investigations
  • Retained forensics services
  • Emergency breach response
  • Intellectual property theft investigations
  • Employee misconduct investigations
  • PCI Forensic Investigations
  • Network and application intrusion analysis
  • Custom Malware detection and reverse engineering

This resources page is intended to be an introduction to a complex and far-reaching regulation. To get more detailed information about how GDPR will affect your organisation specifically, please call Cygnia Technologies on 0121 647 6565.

We knew the technology could do the job and was reasonably priced. What won us over was how helpful Varonis and Cygnia were. They were really keen to help set up a demo, and were able to move quickly to get us up and working in a matter of days.

Karl Kroger – Data and Security Administrator, Ipswich Hospital NHS Trust

Having worked with Cygnia for a number of years, we trust them to advise on our security infrastructure. Their recommendations on defending against cyber attacks are critical to our business. We are already seeing the benefits of this new technology and could not be happier with the implementation process.

Paul Stern – IT Network and Security Manager, Arriva Trains

Network security is imperative to C24; it is one of the defining areas of our business. The expertise of Cygnia around this area provides us with comfort, and in turn has allowed us to reassure our customers that their security is covered. We have also come to recognise that the service provided by Cygnia is, in our opinion, one of the best in the industry.

Paul Hemming – Managing Director, C24

Implementing a Direct Access solution has made remote working much simpler for council employees; this has seen double the amount of people using the service. As a result the authority will save money by being able to consolidate its property portfolio and staff have benefited from greater flexibility in their work arrangements.

Gavin Booth – Telecoms Service Manager, North Yorkshire County Council

Cygnia’s Managed Firewall Solution has provided us with a great service. Our security is taken care of by experts, so we can focus on running the business.

Infrastructure Manager, DP World London

Cygnia have provided excellent consultancy services and have always responded quickly to support queries and issues.

Pam Rowley, Infrastructure Planning Manager, Staffordshire County Council

If you are looking for a proactive partner to advise you on the latest security vectors and help you get the most out of your Check Point investment I can certainly recommend Cygnia. Their Account Managers, Technical Consultants and Support Team have all been first class.

David Moore – Head of IT, Chiltern Railways