Vulnerability testing is a systemic review of security weaknesses within an information system. We're looking for the same weaknesses a cybercriminal might try to exploit, but we'll tell you about the weakness and how to fix it rather than stealing your data or money.
Why should I consider one?
At the end of the school day, you or the caretaker ensure the windows and doors are closed and locked.
It's a little bit harder to do that in the digital sphere. A vulnerability assessment can show you where your digital doors have been left open and give you the information to close and lock them.
The ECRC provides three different vulnerability assessments, which complement each other.
Remote Vulnerability Assessments
Remote vulnerability assessments identify weaknesses in how your organisation connects to the internet. This would be the typical way cybercriminals will target your systems from the outside, trying to get in.
Internal Vulnerability Assessments
The service will scan and review your internal networks and systems, looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data. This is the equivalent of once a criminal has got in, what would they be able to do? Could your logging systems spot them?
Web App Vulnerability Assessments
This service assesses your website and web services for weaknesses. For most schools, the website is not just a static page but might also link to pupil or parental portals. What access to data could a criminal have if they target your website? Could they change the content on your webpage to redirect customers, install some malware to capture payment details or show malicious content to ruin your reputation?
Who would do the assessments?
We train and mentor local university students to deliver these services. Senior cyber security experts oversee them to ensure the service they provide is equivalent to the experts doing it themselves. The student gets unique real-world work experience to enable them to get a job when they finish their education, and we can offer an affordable service to businesses who might not be able to afford a commercial company or maybe want to test whether this service would benefit them.
You can get a quote free of charge with no obligation to see if our "affordable" is the same as yours.
What kind of report would I get?
One that you will understand! We know that not every school has an IT master, so our reports are designed to be understood by everyone, with an executive summary and a technical section. The student who completed the assessment will also be available to discuss the report with you.
Find out more about Vulnerability Assessments from the ECRC (Eastern Cyber Resilience Centre)
This article has been reproduced with kind permission from the Eastern Cyber Resilience Centre.