The IT security has an important role in the Market Research Industry. Not only does it need to be robust so that fieldwork is completed reliably and on time, but needs to be secure to ensure data collected is accessible and usable by those able to do so, but also so that Personally Identifiable Data is kept confidential. It is essential to secure the data you collect, but sometimes it can cause headaches because of the number of attacks on your data.
First, let me clarify what a Penetration test is and how it usually works.
What does Penetration testing mean
A penetration test is a scheduled and planned software attack on a system. The aim of the attack is to replicate the type of attack that could occur and, therefore, highlight the security weaknesses of the system so they can be fixed. Penetration tests should be conducted frequently, as new vulnerabilities are popping up and software is deployed continuously.
How does that work in real life
Bespoke software is used to attack given IP addresses: The complete test will take around 2 hours, since the penetration testing system has to check all available network ports. Once the test is ready the system will generate a detailed report about the discovered vulnerabilities of the system.
Contents of the report
The report contains discovered vulnerabilities in a categorized (red, yellow, blue) format starting with the highest issues. It also highlights the security/business risk, the threat, the impact and a solution for the issue. Each line contains the color and the severity. In normal cases the red and yellow should be fixed as soon as possible to decrease the security risk of the system. The blue one usually is just a note that the mentioned item can be an issue in the future.
How often can we do penetrations tests
That depends on the system. In normal cases the best is to have a penetration test every quarter (can be every month) and do a test also after any system changes.
Nebu takes care of security
Nebu utilizes an independent testing company to perform regular penetration test in order to ensure that we are alert to the latest threats and to keep a high level of data collection.
Would you like to learn more about how to protect your data?
We're here to help you with our white paper. It helps to understand who should comply with regulations, who is the data controller, the use of security methods and more. Download it now!