Most businesses know about cyber security risks. They know they should do something to protect themselves. But they are unsure of the steps to take.
Our Independent Security Review takes a strategic look at your business assets and procedures and determines whether you have reasonable protection in place based on the risk profile of your organisation and current best practice for your industry. We then provide recommendations on areas that should be secured now, and guidance to help you in the future.
Using voice and video conferencing to conduct meetings, we can provide our services to businesses throughout New Zealand. You don’t need to be in one of the main centres to receive expert security advice.
What we cover
Your Areas of Risk
We work with you to review where your confidential information is held (onsite or hosted), the types of transactions you undertake, the online services you use (e.g. accounting, payroll, banking), and any that you offer to your customers (extranet, online invoice payments). We then use our extensive knowledge of security attacks to determine which areas are at risk now, and which ones will be at risk in the future.
How Criminals See You
We scan your public Internet connections (those used for email, browsing and remote access), company website, and any cloud hosted infrastructure or applications you use. This gives us the same view that criminals would have and enables us to find any vulnerabilities that should be fixed.
We look at your approach to security at a governance level. We also review your security policies, procedures and training.
Your Current Security
We talk to your IT partner in order to review the current IT security measures in place for each area of risk, comparing them against best practice and any regulatory requirements that apply.
Ability to Respond
We look at how prepared you are to respond to a security incident. This includes whether you have a robust backup solution to allow you to recover from ransomware, a plan for how to manage a data breach and what steps to take if you are the victim of fraud. We will review your communications plans and what you have in place to communicate internally and externally should a security incident occur. And we review your cyber insurance policy (if you have one) against your areas of risk to see if you really have the cover you need
What we deliver
The outcome of the above process is a report that details:
- your areas of risk, and recommendations on how to protect them
- external vulnerabilities that criminals can take advantage of, and how to prevent them doing this
- the improvements that you can make to governance, policies, procedures and training
- whether your current security measures focus on protecting your areas of risk, the changes to make if they do not, and how to ensure they meet current best practice should they fall short
- your readiness to respond to an incident, and any improvements you should make
- recommendations around a crisis communications plan
- a security strategy that you can use going forward
We discuss the report with you and your IT partner and answer any questions that may arise.
Independent, expert advice
Because we focus on security, we have the tools, knowledge and up to date information to give you the best advice. We bring a fresh pair of eyes to your IT security, and because we only provide consulting services (not hardware, software or implementation), you can be confident that our recommendations are unbiased.
A holistic view
We take a “whole of business” view of your IT security, by looking first at the information that has value and the processes that are critical. By focusing here first, rather than diving straight into the technical layer, we can help you get the most out of your investment in IT security – whether that investment is in technology or training.
Because we are not involved in the day to day running of your IT services, we can take an objective look at the security of your IT infrastructure. Our goal is to reduce your risk by providing an honest assessment of your current status and where it can be improved.
People and process
We understand how people work, and the pressure they can be under. We recommend solutions that are easy to implement and don’t get in the way of day to day tasks.
We will give you a better understanding of security, and provide you with a framework to help you reach a level of self-sufficiency at the board, management and staff level.