Security

Cyber Security

PC Parts
PC Parts

What would happen to your organisation if customer information leaked, your company data was held to ransom, or your entire IT system was shut down?

Cyber security is about more than protecting technology. It’s about your reputation, your time, your customers.

Protecting your business from cyber security threats can feel overwhelming. That’s why we’re here to support you in your journey to becoming as secure as possible. From educating staff and gaining certifications to software and policies enabled.

Breakwater IT is certified in ISO27001 and Cyber Essentials. To gain the ISO 27001 award, we proved that we could not only prevent but defend against potential data system vulnerabilities. Take a look at some of the security services we offer below:

Cyber Security Audits

As cyber threats continue to advance, maximum levels of security are a serious consideration for any business.

To ensure your network has the best chance of combating cyber threats, we work with leading partners such as Microsoft, Cisco, Mimecast, and Datto.

With innovative solutions and collective knowledge, we can audit your current systems. We then make recommendations to remove vulnerabilities and enhance your defences.

Cyber Security Training

When it comes to security, the first, and most crucial step in protecting your business is educating your team – and we can help with this.

In partnership with Mimecast, we offer security awareness training. The training is delivered in bite-sized videos at regular intervals to keep your employees learning throughout the year.

Mimecast awareness training uses humour in the videos to keep viewers engaged. You’ll see regular characters in the videos including Human Error and Sound Judgement. These characters help make the training memorable, as Sound Judgement continually strives to stop Human Error causing breaches. Each video ends with a single question to test the viewer’s knowledge.

Alongside the awareness training we also offer simulated phishing attacks. These are designed to test your employee’s response to a potential email threat. You can use pre-made templates or replicate a legitimate phishing email with the harmful content removed.

To help keep our clients safe, we also send regular emails with tips and advice, as well as downloadable guides to share with employees.

You can download some of our free guides below or visit our Knowledge Hub for more.

Cyber Essentials

To help combat Cyber Crime, the UK Government introduced the industry-backed Cyber Essentials certification scheme. Getting certified reduces the threat of attack by up to 80%. It demonstrates your commitment to protecting your data, as well as your customer and supplier data. The accreditation also helps you to address other compliance issues, including those around GDPR.

We take the stress out of completing the certification byworking with you to complete it. In addition to offering the Cyber Essentials certification, we apply enhanced levels of protection. This is exclusive to our clients and is built around our own cyber security objectives.

Once you’ve passed your certification, we’ll follow up regularly using our own security standard review. This means there is no panic when your certification is due for renewal as we’ve been monitoring your security throughout the year.

Our security standard review is a points-based system. We check areas including backup and disaster recovery, external breach analysis and network security. We share this with you to enable us to work together on improving your IT security.

Security Enhancements

We include security enhancements in our standard support package to keep your business safe. These enhancements aim to protect your business from cyber threats using a range of policies. By default, we will install the following:

  • Logon / Logoff reports
  • Ransomware protection
  • Alerts of unencrypted disks

Additionally, you can request:

  • Disabling cloud storage devices
  • Prevention of public webmail access
  • Prevention of social media access
  • Disabling app stores
  • Restrictions on administration tools and scripts

These settings can all be put in place to reflect your organisational policies. The policies listed above are included in our IT support package.

Password Management

We’re frequently told that the biggest issue individuals have with passwords is remembering and storing them. But as a LastPass partner we can make that a problem of the past!

LastPass is an online vault which securely stores your passwords. The only password you’ll need to remember is the one to access the vault!

Sounds great, right? It gets better.

LastPass not only stores your passwords, but through browser extensions and its mobile app, it will detect the site you are trying to login to, and autofill the username and password for you based on what you have stored in the vault.

It can also generate unique, secure passwords for you, and flag any passwords that have been duplicated or found in a breach.

And if you need to share a password with someone in your organisation, you can do it through the LastPass portal. That means no more texting, emailing or instant messaging passwords.

LastPass isn’t just about your basic passwords though. You can also store other sensitive information in notes, or add addresses, card details and bank details.

If all of this wasn’t great already, LastPass business accounts come with LastPass families for free! That means you and your employees can use LastPass for personal passwords, and so can family and friends!

But why would you buy through us rather than going direct to LastPass?

We can take the burden off you with setup and ongoing support. That means when employees leave, forget their master passwords, or just need a helping hand, they can come to their local IT company where you know us, and we know you.

Plus, we can help with training you and your team on the platform.

Email Security with Mimecast

Mimecast delivers email security that protects you before, during and after an attack. Their cloud-based email security filtering removes risk by blocking 100% of known virusesand more than 99% of phishing emails before they reach your network.

In the event of an unplanned downtime, continuity and archiving services mean emails can be accessed and maintained. This means you can continue working without disruption. And if the unfortunate were to happen, your emails can be recovered fast.

In addition to all of this, Mimecast can support your brand through your email signatures. You can create and upload a company-wide email signature that will automatically apply to your sent emails from any device.

Penetration Testing

We offer penetration testing as a service for existing clients and businesses who are not a client of ours.

What is Penetration Testing?

Penetration testing, or pen testing, is a way of testing the security measures within an organisation. This is done by a series of attempted breaches, using the same tools and techniques and genuine hackers.

A team of ethical hackers will examine your IT systems, searching for weaknesses that may compromise your systems and data.

Once your pen test is complete, you will receive a report outlining any vulnerabilities and giving guidance on how to remediate any concerns.

Our penetration testing service is carried out by a third-party company. In doing your penetration testing through us, we’ll be able to work with you to address any issues following the results.

 

Endpoint Detection and Response (EDR)

Endpoint detection and response (EDR) is a step up from antivirus.

If you don’t know, and endpoint is a laptop, mobile, workstation, server; essentially any entry-point to your company network.

EDR performs real-time scanning of files and behaviours on an endpoint. It then collects data and analyses this to establish threat patterns. If it detects suspicious behaviour, it isolates the file until it is validated. EDR also includes automated remediation; undoing any damage caused by malicious files.

As EDR continuously scans changes to your endpoint, threats are detected much faster than with antivirus. There’s no waiting for a virus list or a scan to act. EDR can immediately stop malicious behaviour and alert IT teams.

By choosing EDR through us, you also get a detailed timeline of any incident. You’ll be able to view a history of the attack, including every alert. This helps to find the source of an attack to learn from it. Additionally, we deliver a managed EDR service meaning that there are real-life humans monitoring and responding to threats.

Web Browser Security

Web browser security offers you powerful protection across all devices and locations. It stops malware before it reaches your systems.

Regular monitoring of internet activity identifies anomalies and distinguishes patterns. The software will actively block and protect you from bad sites and bot nets. It can also be configured to report on internet usage.

USB Control

Without proper supervision over the use of USB devices, your business is vulnerable to data theft and the introduction of viruses. A single flash drive can collapse an entire network if managed improperly.

Our USB Control service manages which USB sticks can be used on your devices by registering those safe to use. We recommend you block all USB storage devices if they are not a requirement within your business.

Indigo Swan Logo
Breakwater IT have helped us vastly improve our cyber security and consistently work with us to improve our systems to make sure the technology we use meets the needs of the business and our staff. The level of service they provide us with is always outstanding.
Andy Kindleysides, Indigo Swan

Let’s Chat

Protecting your business from different cyber security threats can feel overwhelming. That is why we’re here to help you.

For further details in relation to how we handle the personal information you provide to us, please see our Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cyber Security FAQS

What is Cyber Security?

Cyber security is a means of protecting networks, systems, and programs from digital attacks. These attacks are designed to be disruptive. Aimed at stealing, changing, or destroying sensitive data. Often, attacks are used for financial gain by holding data or networks to ransom.

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication(MFA) is a process that requires two or more verification factors when attempting a login. For example: entering a password and an MFA app code.

 

To learn more about multi-factor and two-factor authentication, read or watch our guides:

View now

What is Two-Factor Authentication (2FA)?

Two-factor authentication(2FA) is a process that requires two verification factors when attempting a login. For example: entering a password and a text message code.

 

To learn more about multi-factor and two-factor authentication, read or watch our guides:

View now

 

What Is a Password Manager?

A password manager is a site or app which stores your passwords in one place. You will need to log in to your password manager before using it. But this is the only password you’ll need to remember. We would also strongly recommend enabling multi-factor authentication (MFA) too.

 

When logged in to a password manager on a web browser, you can add extensions to autofill your login credentials on sites. You can also store other login credentials. Password managers can also create random, unique passwords for you.

What is Phishing?

Phishing is a form of cybercrime which targets victims by email, SMS or telephone. Criminals will pose as legitimate organisations to trick you into revealing sensitive data, such as bank details or passwords. This then results in identity theft or financial loss.

What is Ransomware?

Ransomware is a type of infectious software designed to prevent you from accessing your files, databases, and applications until a request is fulfilled; this is typically a payment to the attacker.

 

What is Zero Trust?

Zero trust is a strategic approach used by organisations. It includes both employee attitude and security policies put in place. The attitude side encourages employees to validate every action they take, such as clicking on links in an email. The security policies may include restricting access to data or applications without certain validation, such as multi-factor authentication.

What is Social Engineering?

Social engineering is the social, or human side of cyber security. It is easier for criminals to manipulate a human than to try and hack software or devices. So rather than attacking technology, criminals exploit the users of the technology to get what they want. Social engineering can be done through a variety of methods. This includes phishing emails, phone calls or text messages, and in-person.

Key Documents

We’ve put together a range of guides to help you understand our security services and learn about how to keep your business safe.

Our free cyber security glossary is a great place to start. It will help you understand the common language used within cyber security.

Download and share these free guides:

Cyber Security Glossary
Breakwater IT – Security Enhancements
Mimecast Awareness Training
Guide to Recognising and Avoiding Phishing Attacks
Multi-Factor Authentication Guide
Laptop with an unlocked padlock on the keyboard
Client Story

East Anglian Air Ambulance

Enabling two-factor authentication.
View Client Story