Case Study by Annabel O’Neill - General Manager, Marketing & Engagement, Greenfleet
Greenfleet is an environmental not-for-profit organisation that works in Australia and New Zealand. We plant native biodiverse forests to help fight the impacts of climate change.
Established 23 years ago, Greenfleet was Australia’s first carbon offset provider. In 2020, we’re proud to have planted 9.4 million trees and to have created more than 500 forests in Australia and New Zealand in our effort to protect the environment for future generations.
As a registered charity, we are entirely funded by our supporters. Our supporters are individuals, and organisations that come from a range of sectors, including commercial, government and education. They partner with us to offset their carbon emissions and donate to restore ecosystems.
In the current environment, maintaining an appropriate level of security is an absolute necessity, particularly when your business is purely reliant on its supporters for its survival.
We were about to launch a new website that would be tightly coupled to our customer relationship management (CRM) system. It was a big step for us – while our previous website had offered supporters a payment gateway via which they could make donations, our new website is going to offer much more. Supporters would be able to log in to their account to review their donations, carbon offsets etc.
With security in mind, we needed to thoroughly check for, and repair any vulnerabilities before we turned the website on. This was particularly important to protect the privacy of our supporters and our reputation as a business because any breach of our website would also breach our CRM.
Ultimately, before going live, we needed to give our Chief Executive Officer certainty that we’d taken a very diligent approach to developing our new website – and that we had done everything possible to protect our supporters and our business.
The Selection Process
We started looking to engage a company to provide vulnerability and penetration testing just two weeks ahead of launch, so as you can imagine, the timing was tight.
We invited three companies to tender, and our main goal was to find a company with the scale and capacity we needed to get the job completed quickly and with attention to detail.
We selected The Missing Link based on their reputation, capability and scale. They have a good physical presence and right from the start, demonstrated a responsive approach. In fact, they called us within 15 minutes of my initial email enquiry to discuss what we were hoping to achieve, then scheduled a pre-sales meeting a day or two later to discuss the project in more detail before providing a plan and a quote.
We were impressed by their consultative approach – they wanted to really understand how we wanted the website to work for us, how our supporters would interact with it, and what we wanted from them.
They were happy to get started straight away and willing to work out a bespoke solution, effectively splitting the testing into two distinct parts, which enabled us to meet our deadline for launch.
And, as requested, rather than providing an extensive and unnecessarily cumbersome report, they delivered a concise list of findings that we could get straight to work on.
Our team at the Missing Link was wonderful to work with – they’re not just salespeople, they know their stuff, and they genuinely do a good job.
From the first email, we found them very responsive to our needs and highly organised when it came to proposing, planning and implementing the project. Their professionalism and ability to communicate complex, technical information was right on the money, and they provided us with the perfect balance of impactful findings in a simple yet detailed report.
I’d go so far as to say they’re a very refreshing organisation to deal with.
Cyber security is so important, especially when our technology is our company’s critical interface with supporters. Our biggest concern had been that The Missing Link could find a website full of holes that would cause us to delay our launch.
We were relieved that they were only able to find about five vulnerabilities, none of which were critical, and we give full credit to our web development partner for this. As a result of their vulnerability testing, followed by penetration testing, we were able to launch our new website on time. Most importantly, we felt confident that we’d done everything within our capacity to protect our supporters and our business.