Keegan & Pennykid has worked in collaboration with Social Enterprise Scotland and the Scottish Council for Voluntary Organisations to provide their members with free access to Coalition Control, a powerful cyber security risk management tool developed by cyber insurance specialist Coalition.
In our last blog, we detailed the importance of identifying and quantifying your cyber risk and the challenges of doing this with restricted resources. We also outlined the importance of implementing basic measures to prevent falling prey to the increasing number of opportunistic cyberattacks.
Coalition Control scans your organisation’s entire digital footprint and then provides a prioritised list of vulnerable areas on which to focus your cyber security activity.
But just how effective is Coalition Control in practice? How easily could your organisation make use of it and what benefits does it generate? Well, we asked Breeze, a social enterprise digital support agency that helps third-sector organisations decode the digital world. And theyput the risk management tool through its paces.
Here’s what Jane Mackinnon, Digital Lead at Breeze, had to say.
“The first task is to sign up to Coalition Control with some basic details and to verify your account via email. Next, it asks you to add details of your external assets, which is as simple as adding your website address and allowing the platform to perform an external scan of what they call your ‘Attack Surface.’
“There’s the option of adding more than one domain if you own multiple sites, but you’ll have to verify ownership of any additional ones you add. This requires access to your DNS or to the root web directory of your website, so it’s likely you’ll need assistance from your website or IT support provider.
“The external scan replicates the same checks a cybercriminal can perform to find vulnerabilities and look for easy targets. The scan will pick up domains, IP addresses, and technologies associated with your organisation (for example, WordPress if that’s your website platform). It then compiles a report of security findings, giving you a score out of 100 for cyber health.
“The findings are broken down into Critical, High, Medium, and Low risks. Critical risks could impact your insurability and premiums if not resolved. High risks could turn into critical ones and therefore need to be prioritised. Medium and lower risks don’t impact insurance or premiums, but it’s recommended to address these warnings to mitigate any risk they present.
“Coalition Control also integrates with Microsoft 365, Google Workspace, Amazon AWS, and other such platforms to monitor internal activity and to report misconfigurations, vulnerabilities, and security policies that may put your organisation at risk of a cyber incident. The dashboard also offers a security checklist, which is a handy guide on what tasks you need to prioritise, including turning on two-factor authentication, implementing strong passwords, and training staff to reduce threats caused by human error.
“The remaining options in the menu appear to only be available to premium users, including security training, financial monitoring for fraud activity, and a managed detection and response service.
“The real benefit of Coalition Control is undoubtedly the insights it provides. Whatever your scan results reveal, you’ll be armed with information that informs your next steps to improve your score and to meet the prerequisites that are often required to take out cyber insurance.
“Resolving these issues could also help to massively reduce the cost of a cyber insurance policy. If you have an internal IT department or external IT partner, you’ll have access to professionals who understand the technical jargon and know exactly what’s required to remedy the identified vulnerabilities.
“The insights will give you an excellent starting point to discuss your cyber security capabilities with IT and web service providers and ensure that everyone is working together to improve your overall resilience.
“But the reality for many social enterprises is that cyber security is something they’ve got to navigate on very limited resources. Many are trying to manage and protect their digital footprint without the support of IT professionals.
“For these organisations, the technical jargon presented in the security findings could be a little intimidating and leave them questioning what next steps they need to take. If you find yourself in this position, our advice is to use the report to highlight to your board the importance of getting expert support in this business-critical area. Use it to make sure the requisite conversations take place, and that cyber security is given the priority it needs on your organisation’s operational agenda.”
Jane’s detailed and forthright review highlights the undeniable value of Coalition Control. And don’t forget, it’s completely free to access for members of Social Enterprise Scotland and the Scottish Council for Voluntary Organisations.
It also outlines the assistance that some organisations will need to interpret the insights generated in terms of what practical actions they should take next. At Keegan & Pennykid we can assist you in this and support you in getting the best out of the risk management platform.
To arrange your free access and to add a new layer of sophistication to your cyber security capabilities, please click on the relevant sign-up link below:
