Case Study · Blog post

Mergodon data protection and cyber security information project case study

Mergodon is a typical small family business. Practically it is run by Mate and his wife, Suzy. Mate is in web development and project management; Suzy is an HR expert. Their businesses are separate legal entities, using the same infrastructure elements. Mate is the IT guy in both cases.
https://torotoro.co.nz/blog/mergodon-data-protection-and-cyber-security-information-project-case-study/(opens in a new tab)

May 12, 2023

Mergodon is a typical small family business. Practically it is run by Mate and his wife, Suzy.

Mate is in web development and project management; Suzy is an HR expert. Their businesses are separate legal entities, using the same infrastructure elements. Mate is the IT guy in both cases.

Suzy has customers from all over the world especially from Europe and these citizens are under the EU General Data Protection Regulation (GDPR). Mate works with companies from Europe and the USA. Plus, they must be compliant with the New Zealand’s Privacy Act (NZPA) regulation. The requirements in these regulations can be very different and confusing at the first sight.

Let us hear first the challenges of Mergodon from Suzy and Mate.

“Running these kinds of businesses, we were naturally faced with a couple of challenges related to data protection and information security. Our businesses grow well, and it gave us a lot to do. Of course, we had a previous basic understanding and knowledge of privacy and data protection, but we needed somebody with detailed knowledge of not just the New Zealand legislation but the European legislation too. In addition, these legislations are changing regularly so we needed somebody who can follow these changes and help us to stay up to date. We heard a lot of stories about cyber incidents in the kiwi SME community and we cannot afford to be a victim as it means that most probably we will be out of business soon and it is not in our business plan.

We asked Jozsef for help as he had some knowledge of our activities too.”

What happened?

“The whole thing started with a lot of questions in interviews. At the beginning we were a bit frightened what was requested from us, it looked a lot. On the other hand, we knew from our previous lives at bigger companies that this is always a good start for a project, and this is the right thing to do first. Question about what hardware and software and how we are using, where we work, where and how we collect, use and store data, who are our service providers and so on. Jozsef interviewed us and our accountant too about customer data handling and protection practices. He even checked our websites from security point of view.

Based on the findings we got an initial report. Before finalizing it, we had the opportunity to discuss these. We learnt a lot about the WHYs in security and data protection.

Later we got proposed recommendations to improve our security and compliance stance. We agreed with Jozsef to make sure that we got all the requested documentation, including policies, guidelines, baselines and in-house standards. Of course, we had to implement some changes in our daily work and routines. Now we have some repeating tasks which are very useful. The whole project closed with security awareness trainings for us and for our suppliers. We learnt that without them the whole defence will not work.”

What are the benefits for Mergodon?

“First of all, we are compliant with GDPR and NZPA, we are better organized and prepared. (We can sleep better:). Now we have service to keep us updated on regulation changes. We built a much better protection of our customers data and against the potential consequences of a data breach or an information security incident. We don’t plan to pay hefty penalties or extra costs because we tried to save a few dollars here and there. We feel our customer’s increased trust as they see that we do take care of  their data. In addition, we got an enterprise level service without the usual price tag. Actually, we implemented some learnings in our own business processes as well, which is an extra perk.”

How long did it take?

“It was like a very quick well-prepared audit, was less than two months.”

https://torotoro.co.nz/blog/mergodon-data-protection-and-cyber-security-information-project-case-study/(opens in a new tab)

About the Author

Jozsef worked as a CISO in a central hospital and in a school district. He is the founder and owner of Torotoro Ltd. He holds the following certifications: Security+ - CompTIA - 2023 Security Consultant - Ministry of Justice NZ - 2023 Certified Cyber Security Professional – Google – 2023 NZPA – NZ Privacy Commissioner – 2022 OPSWAT Certified Cyber Security Associate – OPSWAT – 2022 OSINT training – European Security Academy – 2021 Fortinet NSE – Fortinet - 2020 Virtual Agile Teams – IIL/PMI – 2020 ISO 27001 Lead Auditor – TÜV Rheinland InterCert Germany – 2019 NZQE recognized Level 7 General Informatics Diploma - 1996

Related Posts

Why kiwis are suffering in cyber?
Why kiwis are suffering in cyber?

Many experts say that Kiwis are suffering in cyber.
Especially in the SME sector, which means family and private businesses.
Let us enumerate a few reasons for this.

Subscribe

Comments

0 Comments