Thank you for considering Cyber Guys Solutions to provide our preventative cyber security consulting services to your business. This document outlines and discloses to you, the activities we may perform for your business to enhance the cyber security standing of your business; and assist in preventing attacks now and into the future.
In summary, we may performing the following activities after engagement:
1. Simulated Phishing Attacks catered to your industry, as well as generic emails. This involves sending your employees fake emails, purporting to be from legitimate service providers, but are not legitimate (one campaign per week, for six weeks)
2. An onsite audit of your network, using our catered Essential 8 procedures that audits, and provides a pathway for your business to exceed the Australian Cyber Security Centre’s Guidance
3. User Awareness Training – a one hour seminar detailing the biggest threats facing businesses in your industry, and to make the point that cyber security is everyone’s responsibility at work (four weeks into the phishing campaign)
4. Basic vulnerability scanning of your internet-facing network, website, and devices. This is done externally in our office
5. Full Report on our findings, advice on hardening your cyber security safety, and an implementation plan that maximises the outcome while minimising disruptions to your business.
6. Follow up video conference to ensure that you understand our findings and advice, as well as the cumulative results of the phishing campaign.
It is important to note that some of the cyber security tools we use in performing our duties are illegal when used without the explicit permission of an authorised person. By signing this document, you agree to allow us to use these tools on your infrastructure for the explicit purpose of finding vulnerabilities on your network to allow us to fix them.
Our Privacy Disclosure
1. We exceed the requirements of state and federal privacy legislation by storing all data on systems that utilise cyber best practice
2. Your identifying data is always stored by a two-factor authentication system that prohibits access to anything pertaining to your business without a password and a one-time code which expires after thirty seconds.
3. All composed documents and spreadsheets relating to your business are password protected as a third layer of authentication protection.
4. We never store any password for your network on our systems. If we require authenticated access to your network, this access will be granted face-to-face or by telephone. Phishing simulations simply record the number of link clicks, and whether a password was inputted. We never store any password in plain text.
5. We will never sell your data to any third party at any time. If there is ever a need to pass on details to a contractor or other third party, we will always seek your explicit written permission, and will not take payment from this third party.
6. All our employees undergo extensive background and police checks. Any conviction by an employee results in instant dismissal, regardless of nature. Any allegation of an indictable offence committed by any employee will result in an instant stand down of this employee, regardless of nature.
Statement of Qualification to Operate in Cyber Security
ICT and Cyber Consultants employed by our company are all industry and postgraduate qualified in IT, systems administration or cyber security and undergo regular professional development. We only employ consultants that have the experience and knowledge to provide a robust analysis of your network.
Legal Conditions during and after engagement
While our staff will utilise their skills, experience, and effort into securing your computer infrastructure against current and emerging threats, it needs to be recognised that no system is intrusion proof due to new vulnerabilities, legacy equipment, or human error.
By engaging us to conduct cyber security services for your business, you indemnify, and hold harmless the Evisory Group, Terabyte Networks Pty Ltd, our employees, contractors and our directors from legal action pertaining to our services in any respect during and after our engagement with your company.
Additionally, in the event of a default in payment for our services, your business shall pay for all costs actually incurred by Terabyte Networks Pty Ltd in the recovery of any monies owed under this Agreement including recovery agent costs, repossession costs, location search costs, process server costs and solicitor costs on a solicitor/client basis. You accept that if payment is not received within seven days of the issuing of an invoice, we will, using our reasonable discretion, apply late fees of $25.00 per day until payment is received in full. Invoices that fall past due by 60 days will be referred to collections and credit reporting agencies.
Intellectual Property
All Intellectual Property Rights developed, adapted, modified, or created by us in relation to this Agreement will remain with us until the full amount owing in our engagement is paid by you. Once the full and final amount is paid, all components of our documentation relating to your business will transfer to your business.
For the avoidance of doubt, Terabyte Networks Pty Ltd may use internally developed templates and tools to create documentation for our engagement with your business. At all times, all Intellectual Property Rights associated with these templates and tools will remain with Terabyte Networks Pty Ltd. Your rights only pertain to the information relating to your business contained within our templates and tools.
For more information, please contact the Evisory Group Privacy Officer - privacy@evisory.com.au