Our Services

GDPR COMPLIANCE TESTING

DATA SECURITY PROTECTION

Penetration Testing

GDPR Compliance Testing

You are affected, The General Data Protection Regulation (GDPR) is a privacy law recently instated and enforced by the European Union (EU). It is a legal framework that sets out guidelines for the collection and processing of the personal data of individuals residing in the EU. We are a global online community.

The GDPR privacy laws are designed to apply to non EU based businesses also. Australian and New Zealand’s privacy laws will be changing too and similar compliance regulations are going to apply to NZ residents in the near future.

Every Businesses is different and therefore has different risks, every business needs to be reviewed to identify potential breaches to this law. By identifying the existing risks, these can be mitigated allow for business preparation for the introduction of the new data protection laws

Schedule a personalized GDRP Data Risk
Assessment for your business today

Do you need to comply with the GDRP EU?

Even businesses without a physical presence in the EU may have to comply with the new rules if they

  • sell goods or services to a person who lives in the EU; or
  • monitor the behaviour of a person who lives in the EU.

We can help with identifying what personal data is being collected
and processed by your business?

  • Does your company has a list of all types of personal information it holds, the source of that information, who you share it with, what you do with it and how long you will keep it?
  • Does your company has a publicly accessible privacy policy that outlines all processes related to personal data?
  • How are you collecting this personal data? How are you processing this data?
  • Where GDRP affects your Data, Accountability and Management, New Rights, Consent, Transfer of Personal Data.
  • SaaS CTO security checklist.

So here are 10 Key Steps to help New Zealand marketers/businesses
comply with GDPR:

  • You must have consent to collect personal information. You will need to record how you obtained consent
  • Individuals have the right to access their data. You should plan how to handle any access requests
  • Individuals have the right to have inaccuracies corrected. Already required under NZ legislation
  • People can have their details erased. The right to be forgotten – this doesn’t seem practical, but it’s in the regulations
  • Consumers can opt out of Direct Marketing. This is not in NZ law, but is best practise
  • Individuals can prevent profiling and automated decision making. Makes programmatic advertising a problem
  • People have the right to request data portability. Organisations must be prepared to securely transfer data
  • You must have legal basis for processing personal data. Similar to NZ Privacy Principle 1 in the Privacy Act 1993.
  • It will be Mandatory to report a Data Breach. Also in the new NZ Privacy bill, you’ll need to report any personal data breach to the Privacy authority.
  • Children’s Data. You will require systems in place to verify individuals’ ages and to gather parental or guardian consent

Five Benefits GDPR Compliance Will Bring To Your Business:

Enhance Your Cybersecurity

Improve Data Management

Increase Marketing Return On Investment (ROI)

Boost Audience Loyalty And Trust

Become The First To Establish A New Business Culture

The GDPR is your opportunity to excel.

Data Security Protection

When companies let employees have unrestricted access to sensitive data, it often causes trouble. Management has no idea how the data is being used, where it is distributed or by whom. Our software solves this problem by providing information about the users who work with sensitive data and exactly what they do with it. It also evaluates the risk of security incidents and warns about any unproductive employee activities.

  • Full suite DLP solution covering all major data leak channels.
  • A unique combination of content and context rules.
  • Exact time tracking.
  • Automatic evaluation and alerts.
  • Allows security to be managed from a single place.
  • Online analytical tool for managers.

How It Works

The endpoint workstation is where the action happens.  Users work with business critical data, are active on the internet, read emails, send documents to the printer and plug in their portable media. Our software deploys an agent (Client) to desired endpoints and maintains a regular connection with them through the server, or our server. This server builds a database of workstation activity and distributes new data protection policies and regulations to each workstation.

Key Advantages

  • Full suite DLP Solution covering all major data leak channels.
    Our software provides DLP with network DLP capabilities.
  • Short time-to-benefit.
    A flexible approach to blocking data leak channels.
  • A unique combination of content and context rules
    make it possible to quickly deal with legislative requirements and to control a company’s workflow in detail.
  • Technology-agnostic approach.
    Our software is not limited by individual protocols or applications.
  • Exact time tracking.
    Opened does not mean active. Our software activity reports show the actual time users were active at visited websites or in applications.
  • Automatic evaluation and alerts.
    Our software picks the most important logged details and sends a summary report to designated recipients.  Complete details are available as needed.
  • Single Management point. Our software allows security to be managed from a single place.
    Set the restriction rules and get incident reports all without constantly having to switch tools.
  • Online Analytical tool for managers
    – lets you effortlessly discover how company data is protected.  And runs smoothly in all browsers, whether on computer or mobile phone.
  • Low implementation and operational costs.
  • Option to cover Mobile helps you to protect sensitive data even on mobile phones.
    On top of that you’ll get one place to manage all company phones.

Points

  • Complete Audit of Data Transfers and User Activity
  • Complete Data Loss Prevention (DLP)
  • Sensitive Data Identification
  • Informative DLP Modes
  • Trends and Behavior Analysis – Employee Activity
  • Blocking Applications and Website
  • Print Control – Cost Reduction
  • External Device Management
  • Computer and External Device Encryption
  • Mobile Module

Penetration Testing

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.

Pen tests are a combination of automated and manual penetration techniques. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting the findings.

The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security awareness and the organization’s ability to identify and respond to security incidents. The pen test is very similar to a disaster recovery or fire drill to ensure your business is prepared in the event of a catastrophe

Penetration tests are sometimes called ethical hacking or white hat attacks because in a pen test, the good guys are attempting to break in.

Pen Testing Strategies

Targeted Testing

Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a ``lights-turned-on`` approach because everyone can see the test being carried out.

External Testing

This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.

Internal Testing

This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.

Blind Testing

A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.

Double Blind Testing

Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.

  • a
  • a
  • a
  • a
  • a
  • a
  • a

Get in touch with us

    Loading...