Alastair Struthers
Originally posted on June 27, 2025
Last updated on June 27, 2025
Small and medium-sized businesses face an increasing array of cyber threats that can compromise critical systems and sensitive data. Proactively identifying and addressing vulnerabilities is essential to maintaining robust security and operational continuity. By investing in regular vulnerability assessments, organisations can uncover hidden weaknesses, ensure compliance with industry standards, and strengthen their overall security posture. Taking a proactive approach and looking for vulnerabilities helps safeguard business operations and maintain client trust.
A vulnerability assessment is a process that identifies, quantifies, and prioritises the vulnerabilities in your IT systems. It uses specialised software tools to methodically scan your network, applications, and systems for known vulnerabilities that could be leveraged by cybercriminals to gain unauthorised access. By identifying these weaknesses, organisations can take proactive measures to close gaps and mitigate potential threats before they can be exploited.
An assessment provides a comprehensive understanding of your organisation's cyber security weaknesses and helps in the development of strategies to enhance overall security. It is a crucial aspect of maintaining the integrity, confidentiality, and availability (the triad of cyber security) of an organisation's data and systems.
While both vulnerability assessments and penetration testing are essential components of a robust security strategy, they serve different purposes.
A vulnerability assessment focuses on identifying and listing known vulnerabilities within a system. It looks for outdated software, insecure configurations, and other weaknesses that could pose a security risk.
On the other hand, penetration testing goes a step further by attempting to exploit these vulnerabilities to understand the actual impact of a potential attack. Pen testers simulate real-world attacks to see how far they can penetrate the system and what data they can access. This helps organisations understand the effectiveness of their existing security measures and identify areas that need improvement.
A comprehensive vulnerability assessment typically includes several key components, evaluated by a single tool. When running an assessment, an agent is installed onto your computers and network that feeds back information, which is automatically processed and assessed against lists of known issues. Your cloud services may also be connected to the assessment tool to give even deeper insight.
Common tasks carried out during an assessment are:
By covering these areas, a vulnerability assessment provides a detailed overview of an organisation's security posture and highlights weaknesses that could be exploited by cyber criminals.
Once vulnerabilities have been identified, it is crucial to prioritise them based on their severity and potential impact. This can be done by looking at the CVE ratings assigned to each vulnerability, which indicate the level of risk they pose.
Treat the results of the vulnerability assessment like a risk assessment. You cannot fix everything at once, so it is essential to prioritise critical and high-priority issues first.
By addressing the most severe vulnerabilities first, you can significantly reduce the risk of a successful attack and enhance your overall security posture.
While conducting a vulnerability assessment once can provide valuable insights into your security posture, continuously scanning and reporting offers even greater benefits.
Regular scans help ensure that new vulnerabilities are identified and addressed promptly, reducing the window of opportunity for attackers.
Continuous scanning also supports compliance with security frameworks such as Cyber Essentials and other industry standards. By maintaining up-to-date reports on your security posture, you can demonstrate your commitment to security and compliance, which is crucial for building trust with clients and stakeholders.
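The prioritisation and continuous-scanning steps described above, sketched as an added example (not part of the original article or any scanner's own code). It assumes each finding carries a CVSS v3.x base score, the usual numeric severity attached to a CVE, and that within one score newly seen findings are listed first; the `Finding` type, host names and `VULN-*` identifiers are constructed placeholders.

```python
from collections import namedtuple

# One scanner finding: host, vulnerability id, CVSS v3.x base score (0.0-10.0).
Finding = namedtuple("Finding", "host vuln_id cvss")

# CVSS v3.x qualitative severity bands as (lower bound, label), highest first.
BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]

def severity(cvss):
    """Map a CVSS v3.x base score to its qualitative severity label."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    for floor, label in BANDS:
        if cvss >= floor:
            return label
    return "none"

def diff_scans(previous, current):
    """Compare two scans keyed on (host, vuln_id): new, persistent, fixed."""
    prev = {(f.host, f.vuln_id): f for f in previous}
    curr = {(f.host, f.vuln_id): f for f in current}
    return {
        "new": [curr[k] for k in curr.keys() - prev.keys()],
        "persistent": [curr[k] for k in curr.keys() & prev.keys()],
        "fixed": [prev[k] for k in prev.keys() - curr.keys()],
    }

def remediation_queue(previous, current, fix_now=("critical", "high")):
    """Open findings in fix order: highest score first, new before persistent."""
    changes = diff_scans(previous, current)
    rows = [(f, "new") for f in changes["new"]]
    rows += [(f, "persistent") for f in changes["persistent"]]
    rows.sort(key=lambda r: (-r[0].cvss, r[1] != "new", r[0].host, r[0].vuln_id))
    return [(f.host, f.vuln_id, severity(f.cvss), status)
            for f, status in rows if severity(f.cvss) in fix_now]

# Constructed sample data; the hosts and VULN-* ids are placeholders.
LAST_WEEK = [Finding("fileserver", "VULN-0001", 9.8),
             Finding("laptop-07", "VULN-0002", 5.3),
             Finding("laptop-07", "VULN-0003", 7.5)]
THIS_WEEK = [Finding("fileserver", "VULN-0001", 9.8),
             Finding("laptop-07", "VULN-0002", 5.3),
             Finding("webserver", "VULN-0004", 8.1),
             Finding("webserver", "VULN-0005", 9.8)]

if __name__ == "__main__":
    for row in remediation_queue(LAST_WEEK, THIS_WEEK):
        print(*row, sep="\t")
```

Medium and low findings stay out of the queue by default; pass a wider `fix_now` tuple once the critical and high items are closed.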
As of now, vulnerability assessments are not typically included in standard IT support packages. This is primarily because they require specialist tools and expertise that go beyond the scope of regular IT support services.
Given the increasing frequency and sophistication of cyber threats, it is likely that vulnerability assessments will be offered by an increasing number of managed service providers (MSPs) in the future and may eventually become a standard inclusion in IT support if the cost can be reduced.
For now, businesses should consider asking their MSP about conducting a vulnerability assessment project. This proactive approach can help in identifying potential threats early and taking the necessary steps to mitigate them, thereby reducing the risk of data breaches and other security incidents.
If you'd like to know where your business's weaknesses lurk, then get in touch with us today. Our team of Edinburgh-based experts will carry out a vulnerability assessment for you to give you peace of mind, or help you target work with your IT partner to plug any holes in your defences.