Skip to content
Salus Cyber

Security Configuration Review

Insecure Data Audit

Evaluate the data present on your estate.

Find and remove sensitive data scattered around your digital estate before a malicious actor gets hold of it.

An insecure data audit is a comprehensive examination of an organisation’s digital systems, processes, and practices, with the aim of preventing sensitive data from being susceptible to breach.

We work with the organisation to determine the scope of the audit, including which systems and file shares will be examined, in addition to the categories of data to be identified as part of the test.

Salus Cyber consultants will investigate storage locations on the organisation’s digital estate to identify sensitive data. Depending on the scope of the engagement, this could include searching through files on network drives, log files, or even physical locations such as company offices.

First Line Dark


Conducting an insecure data audit engagement can help an organisation identify locations where users have stored sensitive data on the organisation’s estate.


An insecure data audit engagement can provide insight into the areas of data storage that unintended users can access, such as unintended employees accessing HR case reports.


Managing data classification restrictions across your estate can be a difficult issue to solve as enterprises often have vast amounts of data spread across various systems. An insecure data audit can find gaps in access controls or instances of classified documents being stored in unsecured areas.


Regulatory compliance such as GDPR, DPA and PCI DSS can become difficult to fully adhere to in a large corporate environment where hundreds or thousands of users contribute content to data storage. An insecure data audit engagement can help find data compliance adherence issues before a data breach incident occurs.

How we work

Customer Journey

  1. Identify

    First, we take time to familiarise ourselves with your business. This allows us to clearly understand your requirements, your business risks, your key pain-points, and the outcomes you’re looking for.

  2. Understand

    We turn those requirements into crystal-clear scoping and test plan documents, so you know precisely what we’ll be doing, when we will be doing it, and how we will do it.

  3. Test

    We deliver what we promised.

  4. Inform

    Every report we create is unique based on your business, we don’t use cookie cutter data for our summaries or our remediation plans. Our precise and concise findings brief will advise what steps your business needs to take next to reduce cyber risk.

  5. Remediate

    We can ensure that the remediation process is tracked and coordinated within your business, we will allocate resources to point you in the right directions or if you need our help directly with remediation, we’ve got you covered.

  6. Feedback

    Your opinion is important to us, so we send a questionnaire to every one of our customers after each project – so you can let us know how we did.

Request a call back