How does the CyberVital Security Check actually work?
CyberVital is an online computer cyber risk assessment tool that will scan and assess the cybersecurity settings of a computer.
After the CyberVital check, a tailor-made email report, which will be sent to the user's account, gives each scanned computer a set of scores that will benchmark the cybersecurity settings. CyberVital software offers a built-in one-click solution to rectify the computer security setting such that user can improve the security setting in one go. With regular and repeated scanning, the user can understand how he/she can improve the cybersecurity posture of the computer over a period of time.
What are the steps to run the Health Check?
Fill in & submit the Sign-up Form. We just require the essential contact information of the user, i.e. Name & Email address.
Our system (from firstname.lastname@example.org email account) will send you a link to download CyberVital Software and there will be an ‘Access Code’ attached in this email.
User will need to download and execute the software on the PC. Once you run the software, it will ask for an authentication code. The 8 digit code is in the registration email and you need to copy the ‘Access Code’ from the email.
The Software will show you the scanning status and will notify you when the scanning is done.
Within 10 mins, there will an email from email@example.com with a CyberVital Report attachment in PDF format.
What will CyberVital Report tell me?
For Trial User (Free for first 3 Scans), we will show the CyberVital Scores on 3 major computer security settings and 2 Records of computer access:
Online Payment & Financial Transaction Security Check: to assess if there is any vulnerability that will lead to credit card or other epayment data loss. We evaluated the user's browser settings and checked if there have been any unwanted programs or websites stealing financial data from the user. An Online Payment Risk Score will be given on CyberVital Report.
Ransomware Check: to prevent installation of malicious software and check if there is any unknown remotely control of user’s computer. Ransomware prevents user from accessing the system or personal files and demands payment in order to regain access. We looked into user's settings to see if you have been protected against malicious ransomware. A Ransomeware Risk Score will be given on CyberVital Report
Network Speed and Quality Check: to ensure the network speed will not hinder user's work. Network speed directly affects the performance of user's network access and video conferencing. We ran a series of speed tests to check Internet speed as well as network latency.
4. Remote Access Record: to assess the vulnerability of computer which enables 'Remote Access' function. Computer with Remote access client devices generally have weaker protection than standard client devices.They may be used in hostile environments but not configured for them. CyberVital will show all the login and logout record via Remote Access. User can also take note of the irregular access of account during odd hours.
5. Login and Logout Record: to record the log in & out time of different users on a same computer. For computer which has multiple users, especially kids, this record will give users a clear historical record of users log in and log out behavior.
What standard is the assessment based on?
And how do you calculate the scores on the CyberVital Report?
Our assessment is a computer cyber risk assessment and therefore, we will scan and assess the cybersecurity setting of a computer by giving a CyberVital score according to different computer functions.
CyberVital score is based on how many high risk Attack Vector/ Surface your computer is currently facing. We identify the attack vectors that are being exploited according to a list of well-known online malware and ransomware attacks (that is the main reason for high risk exposure). Eliminating this attack vector will therefore reduce the chance of a cyber attack.
What is Attack Vector or Surface?
Imagine your computer is a fortress protecting your valuable assets. Attack vector is like the window or door on the fortress, every attack will start with these openings and attackers will spend more time on trying to exploit them.
Security researcher call this types of attack entrance point, attack vectors. Not all attack vector are high risk and should be eliminated. However, we cannot have a fortress without windows or doors as it will be suffocating.
What are the system requirements for this security health check?
Windows 10 OS
User has rights to install software - Administrator right
Computer has Internet access
PDF Reader installed
The user’s computer OS should be Windows 10. While utilizing the scan, the computer needs to have Internet access and the user is able to login with the ability to download and execute software.
What would you do to the data collected by the security check?
We only collect information from your Windows and other program settings, which helps us identify which weak points you have, and helps us create a personalized report. We do not collect any other personal information from your computer, and we will never share any of your provided personal or identifying information to anyone.
Besides, we would aggregate your computer’s information with other companies’ for our own analysis. No information from a single user is going to be published. Furthermore, all data transfer to Hoplite will keep a copy at the company for 6 months.
During the assessment process, the data volume transmitted is low. We do not connect to Internet when performing the assessment. The results (logs and reports) are stored locally first. And then it is copied to the user's email account.
What is the purpose of the assessment report?
Regular, automated and risk-based security assessment is an essential tool to understand cybersecurity posture and prevent the next cyber attack. The CyberVital report will enable the computer administrator to oversees key components of his IT infrastructure and user behavior.
What is the difference between CyberVital Computer Health Check and Anti-virus or a Firewall?
Hoplite CyberVital is not replacing anti-virus or firewall. Digital assets in a computer will generally have multiple risks associated with them. Equipment failure, theft, or misuse can affect hardware, while viruses, upgrade problems, or bugs in the code may affect software.
Even if your computer systems are timely upgraded and patched regularly with anti-virus software, there are still other weakness in the access control like wrong setting of firewall, weak password or vulnerabilities in the network that might expose the computer systems to cyber threats. Therefore, our CyberVital Security Check is a thorough cyber risk scan on the digital assets that you would have.
Effective on: 2020-09-02
Introduction and Scope
Hoplite Technology Limited ("Hoplite," "we," "us," "our") takes the protection of personal data very seriously. Hoplite Technology is the developer of Anti-Phishing Bot. This Privacy Notice (the "Notice") addresses data subjects whose personal data we may receive in our Anti-Phishing Bot software application (the "Service"). This Notice does not apply to personal data we collect by other means, such as personal data that we receive directly through Hoplite's own publicly accessible website.
What Information does Hoplite Collect?
We receive and store any information you knowingly provide to us. When you create a new Hoplite or Anti-Phishing Bot account, we will solicit your consent to connect your Gmail, Google Suite, Microsoft 365 or Outlook account to your Hoplite APIs, thereby providing us with access to your email headers and meta data. We access and store a subset of data from your Gmail, Google Suite, O365 or Outlook account to provide you with our Services.
The App will only use access to read, write, modify, or control Gmail, Google Suite, Microsoft 365 or Outlook message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail, Google Suite, Microsoft 365 or Outlook data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
Hoplite acts as an agent, also known as a data processor, for the PII we process for our customers through the Service. This means that Hoplite’s customers determine the type of PII they provide to the Service for Hoplite to process on their behalf. Hoplite generally has no direct relationship with the individuals whose PII it receives from its customers and Hoplite’s customers are responsible for providing notice to the individuals whose PII will be collected and provided to Hoplite.
Purpose of Processing PII
We process PII submitted by our customers for the purposes of providing the Service to our customers, which typically involves our anti-phishing program.
Basis of Processing
Within the scope of this Notice, we process PII based on the documented instructions of our customers.
We delete the PII submitted to us by customers and business partners within 90 days of receiving a request to delete from our customers or the data subject unless applicable law requires a different retention period.
Sharing PII with Third Parties
We share PII with our corporate affiliates and our service providers, who process PII on behalf of Hoplite, and who agree to use the PII only to perform the Services for us or as required by law. Our service providers include businesses that provide:
internet hosting and infrastructure services;
office management services; cloud storage services; and customer service software.
Our service providers may be located within or outside of the United States; however, we will require that those third parties maintain at least the same level of confidentiality that we maintain for such PII.
Other Disclosure of PII
We may also disclose PII: to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, provided that in such instances we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII;
if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or to our subsidiaries or affiliates only if necessary for business and operational purposes.
We use and may transfer, sell, and share aggregated, anonymous data, which does not include any PII, about our Service for any legal business purpose, such as analyzing usage trends and seeking compatible business opportunities.
We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Microsoft, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
Data Integrity & Security
Hoplite has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.
Access, Review & Deletion
If we store PII about you, you may have a right to request access to, and the opportunity to update, correct, or delete, such PII. You may also have the right to opt out of having your PII shared with third parties and to revoke your consent that you have previously provided for your PII to be shared with third parties, except as required by law. You also have the right to opt out if your PII is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you. Requests should be sent to the Hoplite customer who provided your PII to Hoplite, or to Hoplite directly at firstname.lastname@example.org. Hoplite has limited rights to access PII our customers submit to our Service. Therefore, if you contact us with such a request, please provide the name of the Hoplite customer who submitted your PII to our Service. We will forward your request to that customer and provide assistance to our customers, as needed, as they respond to your request.
Inquiries or Complaints
In compliance with the Privacy Shield Principles, Hoplite commits to resolve complaints about our collection or use of personal data. For inquiries or complaints regarding our Privacy Shield policy, you may contact us by emailing email@example.com. Hoplite representatives will respond within 24 days.
Hoplite Technology Limited is subject to the investigatory and enforcement powers of the Hong Kong SAR Law.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the "Effective" date above to reflect the date on which the new Notice became effective.
If you have any questions about this Notice or our processing of your PII, please write to our privacy contact at firstname.lastname@example.org or by postal mail at:
Hoplite Technology Limited.
Unit 538 , 19W , Hong Kong Science and Technology Park
Please allow up to four weeks for us to reply.