Data Security Health Check

In the run-up to the GDPR deadline, all companies will have to review their data, technology and security processes to ensure that they are ready to face the challenges that GDPR will present.

As part of our service to clients, Xyone Cyber Security are offering a Data Security Health Check to help clients understand, manage and mitigate their cyber risk.

This will take the form of an onsite assessment, involving both external and internal vulnerability scanning, email security, firewall and malware protection checks, as well as an information security policy gap analysis.

At the end of the session, you will receive a detailed report summarising the findings, including the areas of concern and recommendations. Xyone will also put together a summary action plan that outlines how to enhance your GDPR compliance from a data security perspective.

You can see a breakdown of the activities included in the Data Security Health Check below:

Type of activity / Description of activity

External vulnerability scan

  • Scan your network, servers, desktops or web apps for security vulnerabilities from outside your network, for example acting as a customer, to find out where you're at risk

Internal vulnerability scan

  • Similar to an external vulnerability scan but from within your network, acting as an employee to find out where there are weaknesses

Patch management (obsolete, outdated software)  

  • A check to see which parts of your software need an update (or patch), so that your computers, servers and network are protected by the latest releases and the risk of a cyber security attack is reduced

Weak or default passwords

  • A review of the passwords used within your organisation, checking whether "best practices" are being adopted and that anyone trying to hack into your network could not easily guess the passwords currently in use

Email security test

  • A test to ensure your email server is secure and spam-proof

  • The test ensures that your email server blocks viruses and dangerous attachments before they are delivered to email addresses within your organisation

Security firewall and malware protection checks

  • Test your anti-virus and anti-malware protection software by checking how it responds to malicious attacks

  • The best way to check this is through a series of carefully controlled penetration testing exercises (also known as pen testing)

User access control

  • Ensure that each user within the organisation has a level of access to data, servers and devices that is in keeping with their level of authority

Backup procedures 

  • A complete review of the company's current backup procedures, evaluating the speed of data backup and the range of data secured

  • The impact of a security breach on a company's data can be significant, and one of the most effective methods of recovery is to revert to a recent backup, provided the backup is up to date and complete

Data retention

  • The long-term storage of data, often for compliance reasons. This test confirms whether the data is stored safely and protected accordingly

Mobile device encryption

  • Mobile encryption allows employees to store sensitive information in an encrypted format on their device, including removable storage such as a flash memory card

  • If sensitive data is not encrypted when stored on a mobile device, this could lead to a security breach – it is imperative to conduct this test and expose any weaknesses within your organisation

Information security policy gap analysis

  • A comparison of your existing procedures against best security practices

  • This activity helps to identify areas where risks or security breaches need attention

  • The checks are performed against the ISO 27002 security framework. A series of interviews with individuals is also required, in addition to a review of the processes

The final part of the exercise is to summarise the findings in a detailed report which includes the areas of concern and recommendations. A summary action plan will outline how to enhance your GDPR compliance from a data security perspective.

The cost of conducting the health check will vary according to the size of the organisation and the amount of data currently being stored and processed. We currently offer the fixed-price bands below, plus a variable price for large corporates with more than 2,000 employees (Price on Application):

Number of employees    Cost of GDPR health check (ex VAT)
Up to 250              £2,500
251-500                £4,950
501-1,000              £7,500
1,001-2,000            £12,500
2,000                  Price on Application

How we can help

We offer a range of products and services to set you up for success. The advantage of our end-to-end solution is that we can supply you with whatever you need across legal, compliance and technology requirements.

Assess how ready you are

Not sure what you need to do? Fill in our free online questionnaire to get a basic idea of how ready you are for GDPR.

How we might work with you

We can work with a variety of organisations to implement the changes required to ensure GDPR compliance. View an example of how we work together to help you.

GDPR Enquiry


Free Guides

As a starter for ten, we've created some simple notes for specific executives to help them understand what GDPR is all about and what they need to do.

Premium Products

For those looking for some simple tips and prompts, we provide a set of cost-effective GDPR solutions that can be easily downloaded.
