Exercise in a Box

This scenario is based on how your organisation would respond to a phishing attack that leads to a ransomware infection. It tests the support that users are given to detect and respond to phishing attacks and what security controls are implemented to limit the impact of infections when they occur. It also covers how well you could continue operating if you got infected with ransomware and whether you could rely on your current backup solution. More details here.

Understanding the impact of an organisation’s supply chain on cyber security is important. In modern organisations, the digital supply chain includes organisations that provide services, including online tools, cloud-based products, desktop software and even licenced hardware. This scenario begins by exploring how you would ascertain potential suppliers’ security. It then skips forward several months and asks what would happen if that supplier suffered a service outage that could have exposed customer information. More details here.

The Micro Exercise scenario combines aspects of the above-mentioned scenarios with additional, broader cyber security learnings within a 90-minute session to ensure all organisations, regardless of their sector or level of cyber knowledge, can benefit. These sessions take the form of collaborative discussions, giving participants the time and opportunity to further their knowledge of a particular cyber security subject and identify areas of improvement. Micro Exercise in a Box workshops will discuss some basics of good cyber housekeeping. More details here.

Every organisation stores personal data in some form. This could be related to clients, staff, rejected job applicants or even individuals targeted in a marketing campaign. As such, every organisation has a legal obligation to protect that data, with harsh financial and reputational penalties for breaches, particularly when your organisation does not have adequate security measures. By talking through your organisation’s security processes with the help of our ethical hackers, you will identify points for future improvement and learn how to respond. More details here.

It is important to understand the benefits and the additional cyber security risks that home and remote working can bring to an organisation. Many of us have had to move to 100% remote working, having never done it before due to COVID-19, which has created the potential that your organisation’s IT services will be accessible to people other than your remote workforce. Additional sudden requirements and demand on infrastructure could increase your organisation’s attack surface, providing attackers with more potential avenues to exploit. More details here.

Exercise in a Box has been piloted with small and medium enterprises, local government and emergency services, but other private and public sector communities can benefit from using it depending on their needs. We have seen companies of all sizes and sectors complete a scenario and see a great benefit; however, micro-companies, sole traders, or companies at a very early stage of tech development may not get the full value of joining. Please reach out to us if in doubt about this.

We are conducting in-person and online sessions over Microsoft Teams. The session type will be clear in the event registration page name.

The session is discussion-led, and with this, it is paramount that you bring some team members! Along with yourself, we recommend at least 2 – 5 others, with employees from different departments represented. As it is non-technical, those from non-technical departments will be able to feed just as much into the conversation as a technical team.

We are welcoming organisations from all over Scotland to take part in one of our Exercise in a Box sessions taking place over the next few months.

Sign-up on behalf of your organisation via the event page, and we will be in touch with more details.

If you are interested in finding out more, please email your interest to [email protected]