Cyber Security Controls
- Access controls: Implementing access controls, such as password policies and two-factor authentication, can help ensure that only authorised individuals have access to sensitive information and systems. Growthable uses 1Password for storing sensitive access credentials shared between its employees and contractors. We enforce 2FA/MFA and logins via Google OAuth 2.0. MacBooks held by employees are protected with face and biometric policies.
We reference our incident response plan. Regularly testing our incident response plan can help an organisation respond quickly and effectively to a cyber incident, minimising the potential damage.
Other areas we seek to control and manage
- Vulnerability management: Regularly identifying and patching vulnerabilities can help us reduce the organisation’s attack surface.
- Security awareness training: Providing employees with security awareness training can help them identify and report potential security threats.
- Regular security assessments: We aim to regularly conduct security assessments and penetration testing to help identify potential vulnerabilities and improve our overall security posture.
- Data backup: We regularly back up important data to help us recover from a security incident or data loss.
- Risk assessment and management: We aim to regularly conduct risk assessments to identify potential threats and vulnerabilities, and implement controls to manage those risks.
- Compliance: We aim to ensure the organisation is compliant with any relevant industry-specific regulations or standards, such as HIPAA, SOC2, PCI-DSS, GDPR, etc., where it is necessary to do so.