On 'Safer Internet Day' we thought we should share how we at Passle keep our clients, users and colleagues safe. We do this by following the three core principles of Cyber and Information Security.
These are:
- Confidentiality - Keeping access to data/systems restricted through access control rights or encryption.
- Integrity - Guarding against improper information modification or destruction.
- Availability - Having data/systems available as and when required.
CIA for short - Sadly no affiliation!
Here are some of the aspects Passle employs to keep data safe:
Confidentiality
- Passle always follows the least-privilege model and ensures that those who need access have it. Alongside this, we regularly review user management to mitigate unauthorised access.
- We use industry-standard encryption and cryptography techniques to reduce the chance of data exposure, no matter what level of data that might be.
- Finally, we enforce Multi-Factor Authentication (MFA) on all platforms to ensure only those who own the account have access.
Integrity
- We employ an authorisation matrix policy that requires each article, once written, to be reviewed and approved by the designated individuals (typically a member of the marketing team or a senior team member), allowing only credible and accurate information to be shared.
- All changes to posts are logged against the authors or administrators who made them.
- We run regular backups so that all data is kept secure, in case of an attack or downtime, guaranteeing that data can't be altered and can be restored in its original form.
Availability
- We ensure our load balancers and failover servers are constantly running so that our clients experience no drop in service.
- We also monitor our systems to maintain oversight of current usage, enabling us to react to unforeseen situations.
These principles help keep everyone's data safe. But without proper training for employees, these steps can be compromised. So, we also provide our team with structured annual training on:
- Staying safe online by not oversharing personal data.
- Best practices such as how to avoid phishing attacks.
- Our policies and procedures for keeping endpoints up-to-date.
- How to get the most out of the tools we provide for free, both at work and in personal life, such as password management applications.
Finally, we re-certify our Cyber Essentials and Cyber Essentials Plus position annually and are now moving towards the ISO 27001 certification.
It's safe to say, we're committed to Cyber/Data Security and Safety. Although the risks we face change regularly, we always adapt to minimise their impact to keep everyone's data secure.