Cyber Security Risk Assessments


Research conducted by the National Cyber Security Alliance found that:
  • Almost 50 percent of small businesses have experienced a cyber attack.
  • More than 70 percent of attacks targeted small businesses.
  • As much as 60 percent of hacked small and medium-sized businesses go out of business after six months


Data security and client confidentiality is everything for businesses. But do you know for certain that you are properly defending yourself from ransomware, hackers, and Phishing Attacks? Vulnerabilities like outdated software, improperly configured firewalls, and unacceptable password complexity are just a few well-known security holes. Email hacks, spoofs, and phishing attacks often slip by and sell client data on the dark web without employees noticing. What would happen if your business was compromised? Would your clients still trust you with their sensitive data?


What is a Cyber Security Risk Assessment?

The objective of a threat and risk assessment is to provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. In order to best determine the answers to these questions a company or organization can perform a threat and risk assessment.

The Cyber Security Assessment includes:
  • Scope: It identifies what needs to be protected, the sensitivity of what is being protected and to what level and detail.
  • Collecting Data: This step involves collecting all policies and procedures currently in place and identifying those that are missing or undocumented.
  • Vulnerability Analysis: The purpose of vulnerability analysis is to take what was identified in the gathering of information and test to determine the current exposure, whether current safe guards are sufficient in terms of confidentiality, integrity or availability.
  • Threat Analysis: Threats are described as anything that would contribute to the tampering, destruction or interruption of any service or item of value. Some examples of threats could include hacking, theft, floods, viruses, fire. Threats that are identified must be looked at in relation to the business environment and what affect they will have on the organization.
  • Analysis of acceptable risks: One of the final tasks is to assess whether or not the existing policies, procedures and protection items in place are adequate. If there are no safeguards in place providing adequate protection, it can be assumed that there are vulnerabilities.


If you’re concerned about cyber security vulnerabilities, contact us to sschedule a Cyber Security Risk Assessment for your business.