Much of the data stored in education data systems is of little interest or value to hackers. Schools, colleges and universities are still potential targets for criminals however.
Sensitive personal data like student records or payment details can still be stolen from education networks for instance. And universities are a goldmine of intellectual property and sensitive research data. If criminals believe data is saleable, they will steal it.
Colleges and universities are also at risk from internal threats. Inquisitive or disaffected students may attempt to break into systems for fun – or to cause damage.
Fidus provide a range of cost-effective security assessment and advisory services to help you better protect your IT systems – and the sensitive data you store in them:
• Penetration testing – How secure is your network perimeter? Your internal safeguards? We’ll show you the loopholes and exploits that hackers would use to break in.
• Permissions and accounts audit – With potentially thousands of logins to manage, are your credentials and permissions being managed properly? We’ll help you find out.
• Phishing email security – Are your teaching and non-teaching staff ready to deal with fake emails and attempts to steal logins?
• Physical security provisions – Can you keep intruders out of your data centres?
• Red Team scenarios – Using proven hacking tools and techniques, we’ll simulate a full-scale cyberattack – and test your responses to the incident.
At the end of the process, we’ll provide you with a full report that shows where your systems are – and are not – performing optimally. We’ll also supply you with a series of recommendations for future improvement, so you have everything required to apply for additional IT security funding.
Educational organisations have a legal and ethical duty to protect information stored in their IT systems. Of particular interest are your obligations under the General Data Protection Regulation (GDPR). You must properly secure personal data against loss or theft – or risk a fine of up to €20m.
Fidus can help you prepare your systems for GDPR compliance, applying the necessary safeguards to ensure unauthorised users cannot break in. From penetration testing to firewall reconfiguration, our fully qualified consultants are with you every step of the way.
Penetration testing reveals your most sensitive network vulnerabilities – so you need a partner you can trust. Fidus Information Security are an NCSC CHECK Green Light and TIGER scheme approved consultancy. Our cyber security experts hold some of the most recognised certifications in the industry, including CREST Certified Tester and Senior Security Tester. Fidus is also a Cyber Essentials verified company. Every assessment we perform is carried out according to UK industry approved methodologies (OWASP, PETS, NIST) along with our own internal testing frameworks.
More than just identifying security vulnerabilities, our cyber security experts are on hand to help you fix them too.
Certified Security Consultants
Our CREST and TIGER approved team holds a range of industry-leading security certifications including OSCP, CCT, SST and CISSP.
Easy to Understand Reports
We’ll ensure that your executives and technical teams properly understand our assessment findings using plain-English reporting.
Fixed Price Proposals
The price you’re quoted is the price you’ll pay. Our quotes are broken down into a detailed costing table so you know exactly what to expect.
Other approaches we've witnessed have included convoluted steps and commonly ends with incorrect information being handed to the consultant assigned to the engagement.
Our approach to security involves a qualified security consultant through the entire process to ensure quality, accuracy and consistency.
“Becoming CREST certified shows Fidus’ commitment to ensuring we maintain the highest standards of policies and procedures within our company.” Fidus Information Security have gained CREST accreditation for penetration testing services. We are extremely proud to announce that we are now a Council for Registered Ethical Security Testers (CREST) accredited company for penetration testing services. […]
Exploiting the eRosary Application In this post we’re going to cover a trivial full account takeover vulnerability our team identified within the new eRosary application, whilst placing an order for the watch! The ClickToPray eRosary beads are advertised as ‘an interactive, smart and app-driven device that serves as a tool for learning how to pray […]