Are your systems secure? As a business owner, you may be required under the Privacy Act 1988 (Privacy Act) to protect your customers’ personal information from theft, loss & unauthorised access. Most of us a well aware that in broad terms we must keep the personal data we host confidential and not misuse or disclose it. However these only form part of the umbrella of responsibilities because whilst businesses are experts in their fields they often lack specific knowledge of how to protect their data from theft, loss & unauthorised access.
You might be tempted to assume that because your system has access controls like usernames and passwords that you are meeting your requirements. But how did you validate this? Often we hear that a customer relies on past experiences like “we never have had a breach” or “we rely on our software vendor for that”. In many cases especially for SME’s there is always the cost of testing their site or web application vs the benefit it brings them.
There are two common basic tenets that can be argued around having a 3rd party evaluate your systems security regardless of the size or nature of your business, these being risk and reward.
What does a breach mean for you? These become notifiable which requires you to inform your users/clients/customers/suppliers that there has been or may have been a breach. The first question on their mind is their own safety – “is this a brand I want to be involved in”. The second is “what did they do about it or to stop it in the first place?”.
To avoid unnecessary brand destruction and the economic effects that it could bring having an external review of your site or application could mitigate this – or even find a hole waiting to be exploited.
Setting aside the marketing disaster of a breach you should consider how much organisation and administrative effort/cost it is going to take to pacify your audience? This includes your sales staff focusing on retention for a while and not following new opportunities.
Many businesses come to a certain point in their journey where submitting tender responses are required to reach the next level of their growth. If you have read through any sophisticated tender then you will find questions on digital security and often systems integration.
It should come as no surprise that these client organisations have to meet their insurance and commercial obligations with regards to cyber security and as a result your business needs to be similarly aligned.
So there you have it – there is money to be made by making sure your systems pass scrutiny so that you can have access a wider market. And please don’t be fooled into thinking “a dog ate my homework” is something you can say after a breach if you cannot provide a 3rd party reference to back you up.
Help is on the way:
WebGen brings together the skill sets of a team of professionals and vetted contractors that have years of experience in web applications. We have hardened web servers and operating systems built and audited web applications and done penetration testing to find security flaws.
We understand that a Fortune 500 company has a different level of risk to an SME. Given that you may want an in depth analysis or a high level overview and risk assessment. We can either translate our findings to “plain English” for Management review or work with your IT team in their language.
Chances are that at some point every business will have a vulnerability show up in their platform and it comes down to who will find it first – a hacker or us.
By all means contact us to discuss your individual situation.