How we handle security incidents
Unfortunately, security incidents are becoming more and more common. While we can minimise the chances of them happening, we must be prepared for any outcome. Your data security is our highest priority, ahead of everything else our company does.
Here's how we categorise security incidents with examples provided for each level:
- L4 High Urgency/High Impact: Multiple customer’s sensitive data breached (e.g. general API breach)
- L3 High Urgency/Medium Impact: A single customers sensitive business data stolen (e.g. API breached for a single customer)
- L2 High Urgency/Low Impact: A low volume of data breached of a single customer security vulnerability found (e.g. A single customers CRM details breached)
- L1 Low urgency and low impact: For example, an unsuccessful DDOS, a port scan or phishing email attempt.
Wiise considers low level random attempts (L1 only) to be only exception to this rule. These types of 'knocking on the door' incidents occur multiple times every hour to any web connected service. Our security team’s job is to ensure L1 attempts don’t become L2 or higher incidents.
Notifications
Should there be any successful or concerted attempt to breach our security and access a client’s data (L2 and above) will notify you and mitigate the issue, as immediately as possible.
Here are our target timeframes:
- L4: Four hours
- L3: Four hours
- L2: Eight hours
- L1: Not applicable
How to report an incident
If you or any of your users notice an incident that you think might affect your data’s security, don’t hesitate and contact our security team immediately at Privacy@wiise.com. Such incidents might include:
- Laptop or mobile loss/theft
- Password compromise
- Malware detection on your end device
Always err on the side of caution. Together we can help keep your data secure!
Thank you,
Hamish Browne
Chief Technology Officer