Contact Us

Compliant Solutions

From your Compliant Partner

Connexion have helped to ensure that Crescent Pharma are operating to the highest standards for data security and data integrity requirements required by MHRA are being maintained Julia Allwood, Crescent Pharmaceuticals

Cyber Security and Compliance Services

With Cybercrime growing and constantly increasing in sophistication the risk it poses to businesses has never been greater, yet in parallel the GDPR and industry specific regulations are increasing the business risk associated with a data breach

A data breach can now be catastrophic for businesses. At the same time businesses need to embrace digital transformation to drive their competitive advantage in increasingly saturated marketplaces.

Solange de Carvalho

Ensuring security of our client data is critical to our SRA complianceSolange de Carvalho
Legal Rights Partnership

Connexion offer a range of services and solutions to help organisations harness technology whilst ensuring that they manage risk and comply with regulations by implementing data security best practice.

Cyber Essentials Certification

Cyber Essentials is a simple but effective Government backed standard that will help you to protect your organisation against a whole range of the most common Cyber-attacks whilst demonstrating your organisations commitment to data protection and increasing your competitive advantage

Managed Security

Cyber threats are constantly evolving and your organisations vulnerabilities are constantly changing so maintaining your organisations data security needs to be a continuous endeavour. Connexion provide managed security services to continuously mitigate risk and maintain your organisations data security standards

Vulnerability Scanning

Connexions vulnerability scanning offers security checks on your web applications and network. Once completed scans are analysed by our Certified GCHQ consultant to ensure that your organisation is notified of any urgent vulnerabilities requiring immediate action

Penetration Testing

Penetration testing is vulnerability scanning taken to another level by evaluating your system’s security and attempting to expose and exploit vulnerabilities and weaknesses through a simulated attack by a Certified Ethical Hacker (CEH)

GCHQ Certified E-learning

Created by Xyone Academy, based at Lancaster University, and certified by the UK Government's Communications Headquarters (GCHQ), this suite of policies and training can be tailored to any organisation of any industry or size

GDPR compliance audit

An independent review of your systems for GDPR focusing on ensuring that your organisation is safeguarding the personal data that it holds in accordance with best practice. This includes a review and report of your processes, policies, controls and technologies


Cyber Essentials Accreditation

Cyber Essentials accreditation is now mandatory for organisations supplying the public sector in Wales and Scotland on certain projects and a growing number of private sector organisations insist on it throughout their supply chains.

Cyber Essentials consists of a set of security best practices which together insure that your organisation is protected from known common Cyber Attacks. Apart from helping you sleep easier, the standard is a big step towards compliance for GDPR and all other industry specific regulations.

Connexion will work with your organisations whatever its size and get it ready and certified quickly and cost effectively

Readiness

To make the process of certification cost effective its best to commence the certification process once you know your infrastructure is ready. Connexions Cyber Essentials readiness service consists of a Gap Analysis and External and internal Vulnerability scans by one of our GCHQ approved Cyber Security consultants. Once the gaps and vulnerabilities have been identified they will be quickly mitigated so that you organisation is set to begin the Certification audit.

Certification

Connexion provide a fixed fee Certification service with a ‘No Certification no Fee guarantee’. Our Certification Partner Xyone Cyber Security will complete an onsite audit of your infrastructure and will provide a report, if a pass isn’t issued immediately Connexion will address any non-compliances until a pass is issued guaranteed in under 30 days.

Cyber Essentials
  • Secure Configuration
  • Boundary Firewalls & Internet Gateways
  • Access Controls & Administrator Management
  • Patch management
  • Malware Protection

Managed Security

The reality is that keeping your data secure is a constant endeavour. Threats are changing, and new vulnerabilities are continuously being discovered in hardware and software, to successfully manage your organisations risk you need to be proactively employing a number of different practices to mitigate a myriad of different threats and vulnerabilities.

  • Data Security Policies and staff training
  • Security Incident management
  • Vulnerability scanning
  • Hardware and software patching
  • Disaster recovery planning
  • Service management
A 2017 study by Kaspersky revealed that on average a business is now getting hit by a ransomware attack every 40 seconds

A 2017 study by Kaspersky revealed that on average a business is now getting hit by a ransomware attack every 40 seconds

Vulnerability Scanning

The best way of identifying weaknesses and security vulnerabilities on your network is by running a vulnerability scan. A Vulnerability scan reveals the actual vulnerabilities that exist on your infrastructure and thus validates that the security patches that have already been applied have been done so successfully, which is not always the case. A Vulnerability scan will also reveal new vulnerabilities that need to be addressed.

Assessment and Patching

Connexion's Managed Security Service is a process of regular scanning, assessing and patching of vulnerabilities. Due to the sheer number of new vulnerabilities that naturally occur, patching everything immediately simply isn’t realistic. Furthermore, often it’s critical that new patches are not applied to your system as applying them introduces more risk to your business continuity than not applying them as they may conflict and disrupt existing services on your infrastructure.

To minimise the risk of business interruption and to ensure that patching is focused on the most important vulnerabilities Connexion carry out assessments as part of all vulnerability scans. Vulnerabilities are assessed and prioritised using the Common Vulnerability Score System – CVSS. All patches are also tested and reviewed for conflicts within your existing infrastructure before being applied.

Connexion’s vulnerability scanning service offers businesses a one-off or continuous scan of their entire network for vulnerabilities, using the same tools that the cyber-criminal is using. This allows companies to see their network through the eyes of the hacker and pre-empt his next move.

Penetration Testing

Penetration testing is vulnerability scanning taken to another level by evaluating your system’s security and attempting to expose and exploit vulnerabilities and weaknesses through a simulated attack by a Certified Ethical Hacker (CEH).

Network Penetration testing

Network Penetration Testing goes beyond vulnerability scanning, to evaluate a system’s security, while attempting to expose and exploit vulnerabilities and weaknesses through a simulated attack. Bypassing known security weaknesses, the Certified Ethical Hacker (CEH) performs manual penetration testing in an attempt to branch out and gain further access to other applications, databases and resources, disrupting or damaging any of your systems and processes. Follow-up reporting will detail all weaknesses and vulnerabilities, which are validated by our team, and accompanied with appropriate recommendations.

Cloud Penetration testing

The safety of your company’s assets depends on the security of your cloud-based infrastructure just as much as your in-house IT environment. Security should be a key consideration when selecting a cloud services provider, and our Cloud Penetration Testing Service can help you determine how secure your assets in the cloud really are.

Penetration testing on applications hosted in the cloud is based on the same principles as those deployed as part of our Web Application and Network Penetration Services, on relevant infrastructure and software. However, allowances are made for data being housed in a shared environment, and the potential compromises that this can bring about. As an end user, it is your responsibility to ensure that the security of any operating systems and applications hosted in the cloud are continuously maintained and tested, and that you are always aware of the location of your data.

71% of companies targeted by ransomware attacks have been successfully infected

71% of companies targeted by ransomware attacks have been successfully infected

Penetration Testing Services

  • Networks
  • Cloud Computing
  • Web Applications

GCHQ Certified e-learning

Mitigate is a process which has proven to dramatically reduce a company’s cyber risk. When 41% of security incidents suffered were caused by internal breaches or errors, it is imperative that all staff have the policies, procedures and training in place to take responsibility for their own cyber defence.

Created by Connexion partner Xyone Academy, based at Lancaster University, and certified by the UK Governments Communication Headquarters, GCHQ, this suite of policies and training can provide ready to use Data Security Policy framework or it can be tailored to a firm of any industry or size.

Mitigate can assist companies to establish a better security culture within the organisation by having clear engrained policies, scenario-based e-learning training and assessments, creating a clear audit trail to mitigate your risk.

The Solution

Mitigate is an internal threat mitigation solution which reduces your risk of a Cyber Attack by equipping every individual member of staff with targeted, simple awareness on the following areas of cyber security concern.

  • Online Security
  • Information Security
  • Remote security
  • Workstation security

This is achieved by having:

  • 12 GCHQ Certified Information Security Policies, which embed the generic rules of cyber security, and are updated on a 12 monthly basis with full version control.
  • 12 GCHQ Certified Cyber Awareness E-learning 15 minute Training Modules to reinforce what each policy actually means to the end user.
  • A full regulatory audit trail to evidence:
    • Staff have completed security training
    • Staff Acceptance that they have understood Security training and Policies

Human Risk Management

Mitigate provides a dashboard which enables your organisation to quickly identify departments or individual members of staff that represent a risk to your data security and which require special training.

41% of security breaches are caused by internal breaches or errors

41% of security breaches are caused by internal breaches or errors

GCHQ Certified Training - Mitigate

GDPR Audit

Connexions GDPR audit provides a comprehensive assessment of your organisations data security focusing specifically on personal identifiable information across all of your digital assets.

  • Data storage residency of data and data transfer compliance
  • Cyber Essentials compliance
  • Information Security Policies
  • Data Retention Policies and procedures
  • Incident response plans
  • Data Protection Policies and Procedures
  • Mobile Working
  • Website Assessment
  • Web application assessment

Following the audit, we will provide your organisation with a report detailing our findings and highlighting specific areas of concern for review, including recommendations and budgetary costs for any remedial work or services that may be required.

Mohammed Amjad

Connexion's understanding of SRA regulations and security best practices have helped with GDPR and SRA complianceMohammed Amjad
LRP