The technology age that we live in today makes our private data more accessible than ever. The internet is full of various types of threats including, phishing, viruses and ransomware. This can then lead to blackmail, theft and even corporate espionage. For this reason, prevention methods to test the strength of an organisations security systems, such as penetration tests, are vital.
Your personal data can only be safe if the organisations that you use have suitable cyber security measures in place. There are many different solutions that companies can implement. Some of these include firewalls, anti-viruses, E-mail filtering, vulnerability scanning and penetration tests. One of our previous articles discusses these solutions in more detail, however this article is going to focus on how to test the robustness of the cyber security measures.
Penetration tests and vulnerability scans are the two main precautions that a software as a service provider should be performing regularly. A vulnerability scan identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible. Penetration testing typically includes network penetration testing and application security testing as well as controls and processes around the networks and applications. This type of testing should be carried out by an independent third party who is unfamiliar with the makeup of the software they are testing. Ideally, it should occur from both outside the network trying to come in (external testing) and from inside the network (internal testing).
It is essentially a controlled form of hacking in which the ‘hackers’ operate on your behalf to find the sorts of weaknesses that criminals can exploit. The vulnerabilities identified by a penetration test enables the organisation to identify weaknesses and target your resources accordingly. Although one can never guarantee against invasion, a regular penetration test scheme can allow for peace of mind against most organisational breaches in the future.
What are the consequences?
Software as a Service (SaaS) organisations that cannot provide evidence of penetration testing measures typically stand a greater chance of being hacked which could lead to catastrophic consequences. The most obvious consequence of poor cyber security is lost data. If a third party can access personal data files such as health and safety records, then these files can be manipulated, and the credibility of the system can be disputed. This is not a situation any organisation would wish to face if pending a court trial following on from a serious incident.
The General Data Protection Regulation (GDPR) came into effect on May 25th, 2018. This reform has made organisations follow strict compliance mandates to ensure that personal data is protected. The penalties for non-compliance are serious with organisations facing a maximum of £400,000. Furthermore, under the new law, organisations cannot keep breaches of personal data a secret. Instead, you must report a breach to the Information Commissioner’s office, (ICO) within 72 hours. More information about the impact GDPR may have on your organisation’s data responsibilities can be found in The General Data Protection Regulation e-Learning course that we provide.
Question your current and potential suppliers
One way to ensure peace of mind when considering your data security is to ask questions of the suppliers you currently use or are considering. Simple questions such as:
- Is your Software Penetration Tested by an external organisation?
- How often do you perform vulnerability scans?
Any Software as a Service provider should be able to answer these questions quickly and confidently, although some liaison with the technical teams may be required!
Here at Safety Media, we recognise the importance of data security and this is built into our Learning Management System at every level. Our proactive robust attitude towards security allows us to be confident that we are taking every measure practicable to keep our customers’ information private and secure.
To set up a demo of the system or a meeting with one of our consultants so that you can access the security features yourself, please fill in this short contact form and we will be back in touch with you shortly.