Protect
Against Cyber Attacks

With cyber attacks on the rise and being at their highest levels to date, it is imperative that businesses implement the right technical solutions to protect theirs and their customers’ data. Wizuda software has been built with security and privacy by design and protects your business from such attacks in the following ways;

Multi-Factor Authentication (MFA)

All Wizuda software comes with MFA as part of our access management system, helping to protect against some of the most common cyber attacks such as phishing, spear phishing. There are flexible options including;

Standard Username/Password authentication. Passwords must conform to the specified Password policy. The user will be locked out if they use an incorrect password multiple times in a row, requiring the intervention of an Administrator, or designated internal user able to reset their password and reconfirm the email address.

Wizuda can be synced up to your organisation’s Active Directory configuration. When the user accesses the website, they will be authenticated automatically based on the Windows login credentials.

Wizuda MFT includes extensive transfer protocol options, including but not limited to;

  • SFTP
  • FTP
  • FTPS
  • AMQP
  • SCP
  • HTTPS/API
  • Secure SMB
  • AS2
  • Azure Blob storage
  • AWS S3 Storage

The user will be redirected to the Microsoft Login portal where all authentication against their Microsoft account will take place. This will then call back to Wizuda where the user will be logged in if they have a valid Wizuda account.

The first time they log in, the user will need to scan a QR code enabling the application to generate timed codes that can be used to verify the account and log in.

The user will receive a one-time code to their mobile number and have a specified number of seconds to use this to authenticate themselves.

Encryption by Default

Wizuda software comes with an A+ score on ssllabs.com. All files are automatically encrypted at rest with AES-256 and use a secure connection and support negotiation up to TLS 1.2 using a prioritized list of ciphers.

Block Malicious Content

In the event that a registered user tries to send you malicious content, Wizuda will automatically detect this and block it from coming through, sending you a notification to that effect.

Brute Force Protection

Brute force protection is activated when the system detects several unsuccessful logins originating from an outside source. The system will then add an increasing delay to requests to that IP Address to protect the system. Internal and trusted IP Addresses can be added to the system to ensure that those users never experience a slowdown in request times.

Granular Permission Levels & Audit Logs

Granular level permissions and full audit logs give end to end assurance of all activities and lock down access.

To enable the maximum level of control over the actions of all users and groups of users, Wizuda allows the administrator to have full control over which features are accessible, and which actions users can perform.

The permissions can be applied individually to a specific user or to a Permission Group. These groups can then be linked to Departments or Users.

Control who you receive data from

Unlike standard email, for an external party to send you data, they need to be registered/authorised to send you data. This is a simple but highly secure process whereby they receive a secure link via email, self-register (email address + password + optional MFA one time pass code).

Domain Restrictions

Email domain restrictions can be used to stop messages being sent to specific email addresses or whole domains up to country level. When a domain has been added as a restricted domain then no external users will be able to be created if their emails contain part of the restriction and data cannot be sent to them.

Protection for back-end transfers

IT departments and personnel are often tasked with setting up data transfers in the backend, commonly referred to as ad hoc batch scripted processes, in order to transfer data from/to internal and external parties/end-points. The issue with such transfers is that unless they are run through a centralised platform, they can pose significant risks for cyber-attacks, due to the fact that they are typically transferred using unsecure protocols, plain text passwords and have no change control applied to them. As a result, this is often one of the first places auditors investigate when there has been a cyber-attack.

Designed to get data to where it needs to be and on-time, but without compromising on security and compliance, Wizuda MFT includes a host of features including but not limited to;

  • Authorisation workflows ensure that any transfer must be authorised by the relevant person/s before data can enter or leave your network
  • Linking transfers to Data Protection Impact Assessments (DPIAs) ensures data is transferred using the appropriate secure transfer protocols and is approved by all key stakeholders
  • Encryption by default
  • Malicious Content Blocking
  • Granular user permission levels which can be managed across multiple zones
  • Full Audit logs

Quick Contact