Security Review

Is your business leaking data right now?

Most South African small businesses have at least one serious security gap — an exposed database key, an unsecured admin panel, or a cloud storage bucket anyone can read. We find them before the wrong person does.

Request a security review →

No jargon. A plain-English report with exactly what to fix.

What we review

We focus on the security issues that actually affect South African small businesses — not theoretical risks, but the real gaps that get businesses hacked or fined.

🌐

Website & admin panel security

Exposed admin login pages, default passwords, unprotected file upload areas, and areas of your site that shouldn't be publicly accessible.

🔑

Exposed API keys & credentials

API keys, database passwords, and admin tokens accidentally left visible in website source code, public GitHub repositories, or browser developer tools.

☁️

Cloud & database configuration

Supabase, Firebase, AWS, and similar services have simple settings that, if left at defaults, make your entire database publicly readable.

🔒

Login & access control

Whether your CRM, portal, or dashboard properly separates what different users can see and do. Can a customer view another customer's records?

📋

POPIA compliance gaps

South Africa's POPIA requires proper handling of customer personal information. We review whether your website, forms, and data storage meet the basic requirements.

📡

SSL, headers & transport security

Whether data between your site and visitors is properly encrypted, whether security headers are set correctly, and whether your SSL certificate is valid.

What you get

A plain-English report — not a 60-page PDF full of CVEs you can't action.

1

Executive summary

One page. What we found, how serious it is overall, and whether you're at high, medium, or low risk right now.

2

Findings list with severity ratings

Every issue found, rated Critical / High / Medium / Low. Includes a description, why it matters, and a screenshot where relevant.

3

Fix instructions

For each finding: exactly what to change, where to change it, and how long it should take.

4

Priority order

A clear "fix these first" list — so you're not guessing what to do Monday morning.

Security review packages

Once-off reviews. No subscription, no ongoing fees unless you want them.

Website Check

R2,500

Once-off

  • Website & admin panel review
  • SSL & security headers check
  • POPIA basics review
  • Plain-English findings report
  • Fix priority list
Ask about this →
Most popular

Full Digital Review

R6,500

Once-off

  • Everything in Website Check
  • Cloud & database config review
  • API keys & credential scan
  • Login & access control check
  • CRM / portal review
  • 30-min debrief call
Get started →

Advanced + Fix

R12,000

Once-off

  • Everything in Full Digital Review
  • Network & Wi-Fi review
  • Phishing simulation (1 test)
  • We fix Critical & High issues directly
  • POPIA gap report
  • 90-day follow-up check
Talk to us →

Who should get a security review?

You store customer data

Names, addresses, ID numbers, payment info — POPIA requires you to protect it.

You have a customer portal or CRM

Any system where customers log in needs to be checked — can they see each other's data?

You process payments online

eCommerce, invoice portals, and booking systems with payment are common targets.

A developer built your system and left

When you inherit a system you didn't build, you don't know what's secure and what isn't.

Common questions

Is this the same as penetration testing?

Not exactly. A penetration test actively tries to exploit vulnerabilities — that's a deeper engagement typically starting from R25,000+ with certified testers. Our digital security review is a thorough assessment and configuration check. We find the gaps; we don't exploit them. For most small businesses, a review is the right starting point.

Do you need access to our systems?

For a website check, no — we work from what's publicly visible. For a cloud and database review, we'll ask for read-only access to your configuration (not your actual data). We sign a confidentiality agreement before we start.

How long does a review take?

Website Check: 2–3 business days. Full Digital Review: 5–7 business days. Advanced + Fix: 10–14 business days.

What if you find something serious?

We flag it immediately — we don't wait for the final report. If we find an exposed database or a critical credential leak, you'll hear from us the same day.

Does this help with POPIA compliance?

Yes — the review identifies technical gaps relevant to POPIA's requirement to protect personal information. We flag missing privacy policies, insecure data storage, and unencrypted transmission of personal data. Note: we're not lawyers and this isn't a legal compliance audit — it's a technical review.

Find out where you're exposed — before someone else does

Tell us what systems you have and we'll confirm which review package fits. No obligation — if we think you're fine, we'll tell you that too.

WhatsApp us now →

Or email: info@lennoxdigitalsystems.co.za