How Westfund ensures industry compliance and member satisfaction with Sekuro’s Offensive Security capabilities.

Holding highly sensitive and personal information of its members meant Westfund needed strict assurance of cyber security and privacy protocols. Westfund was seeking a provider that would conduct pen tests from within Australia.

HIGHLIGHTS

Challenge

Holding highly sensitive and personal information of its members meant Westfund needed strict assurance of cyber security and privacy protocols. Luella Allan, Information Security Manager at Westfund, was overseeing the launch of a new member joining tool and knew the security of member data was paramount. Ms. Allan was seeking an Australian-based team to conduct ongoing External and Internal Penetration Testing when she landed on Sekuro.

Solutions

Sekuro conducted a series of penetration and configuration tests for the Westfund website and its new member join tool, providing crucial third-party assurance. 

Results

Westfund continues to be fully ISO 27001 compliant with each new project launch.

“When it came time to reconfigure our member join tool, we needed the assurance of a third-party provider. We wanted total assurance that when we went live with the new tool, we weren’t going to run into any security issues, and that it was fully locked down. Maintaining this level of trust with our members and their highly personal data is essential.” – Luella Allan, Information Security Manager, Westfund

The Story

As a health insurance provider, Westfund stores, manages, and protects the highly sensitive and personal information of its tens of thousands of members. Westfund is an Australian Prudential Regulation Authority (APRA) regulated business and needs to adhere to strict guidelines and security standards under not only APRA, but also the ISO 27001 standard. With many members using their online join tool, as well as conducting their claims and extras activity via the website, digital trust with members was essential for Luella Allan, Information Security Manager at Westfund.

“When it came time to reconfigure our member join tool, we needed the assurance of a third-party provider. We wanted total assurance that when we went live with the new tool, we weren’t going to run into any security issues, and that it was fully locked down,” said Ms. Allan. “Maintaining this level of trust with our members and their highly personal data is essential.” 

Westfund’s strategic projects required improving its online member join tool, and Ms. Allan advised “that security assurance was non-negotiable.”

The arrangement would need to cover ongoing external and internal penetration testing (otherwise known as pen testing) during the build and go-live phases.

Westfund Health Insurance

Westfund Health Insurance is a health insurance company with approximately 50,000 members and 200 employees across Australia. Its 12 care centres are located predominantly in regional New South Wales and Queensland.

Our Solution for Westfund

Having received an internal referral to Sekuro, Ms. Allan initially engaged it to conduct pen tests on the Westfund website and new member join tool. Ms. Allan and her team were so impressed with the tests and the level of customer service provided by Sekuro that she decided to extend it as a drawdown arrangement for ongoing pen tests and configuration tests, ensuring each new product, portal, or maintenance check is thoroughly tested.

Previously, Westfund went to market for every new pen test it needed.

“Once Sekuro did one for us, we knew it was better. It’s important to us that the pen testers themselves are in Australia for real-time reporting,” adds Ms. Allan.

Sekuro also conducts annual pen tests to ensure best practices are maintained, which also allowed the network to be rebuilt to a PCI standard.

Outcomes

“The vision of being ISO 27001 compliant and maintaining APRA standards means every bit of planning we do integrates security from the beginning, rather than at the end,” says Ms. Allan.

Having access to Sekuro’s ongoing pen testing services is now an important element of Westfund’s cyber security posture, ensuring the testing and retesting of systems to top industry and member privacy standards. Having an ongoing arrangement to conduct pen testing also means that whenever Ms. Allan encounters a resourcing problem internally, Sekuro can easily step in. 

Westfund is looking to embark on some strategic digital projects in the next 18 months and will be looking to Sekuro to ensure that every new digital initiative is reviewed to give them and their members the security assurance to go live with these enhancements.

“The team at Sekuro is always really responsive and keeps us informed at every stage. We are extremely happy with the ongoing results of the partnership.” – Luella Allan, Information Security Manager, Westfund

Sekuro #clientforlife

Sekuro is a CREST Registered company with CREST Registered Testers and 20+ OffSec Consultants across Australia & SE-Asia.

Our staff include CREST-CCT, CREST-CRT, AWAE, OSEP, OSCP, OSED certified consultants.

CREST Qualified Consultants:

  • CREST Registered Penetration Tester
  • CREST Certified Web Application Tester
  • CREST Practitioner Security Analyst
