Protecting your personal information is mission critical to iConsumer. Securing stored data involves preventing unauthorized people from accessing it as well as preventing accidental or intentional destruction, infection or corruption of information. While data encryption is a popular topic, it is just one of many techniques and technologies that we use to implement a tiered data-security strategy. Steps to secure data involve understanding applicable threats, aligning appropriate layers of defense, continually monitoring activity, and taking action as needed.
Implementing a tiered data protection and security model includes multiple perimeter rings of defense to counter applicable threats. Multiple layers of defense isolate and protect data should one of the defense perimeters be compromised by internal or external threats.
Both logical (authorization, authentication, encryption and passwords) and physical (restricted access and locks on server, storage and networking cabinets) mechanisms are in place to ensure security. Logical security includes securing networks with firewalls and running antispyware and virus-detection programs on servers and network-addressed storage systems.
Without going into specifics (that would compromise security), here are the techniques in place to protect network and data security:
1. Limit Access to Hardware
Servers and equipment are in an access-controlled location to which only key personnel have access.
2. Firewall
Per PCI data security standards, we employ hardened firewalls with virus protection software.
3. Network Scans
We regularly scan computers, the network, and external-facing systems for open ports and other vulnerabilities.
4. PC/Server Virus Protection
All PCs with access to our network run up-to-date virus protection software and are set to automatically apply virus profile updates. Servers are configured to automatically apply the latest patches to their operating system as soon as they are available.
5. Segmentation of Networks
Standard office PC and wireless traffic is separated from server networks.
6. Restricted Network Access
Server network access is restricted and only occurs over secure encrypted traffic. Server access is limited to key personnel and only via virtual private networks.
7. Management Tools Access
Access to management tools is restricted to employees requiring access. Access to management tools is segmented by area (vendors, member information, etc.) and access to data in each area is secured separately. No default passwords are ever used. Employees must set an initial password and passwords must be updated on a regular basis and not reused.
8. Data Encryption
Highly secure data (social security numbers, FEIN, etc.) is transmitted to our servers by members via SSL (secure socket layer) using state-of-the-art encryption techniques. Once received, the data is further encrypted using industry-leading encryption techniques. Encryption algorithms are stored separately from the data, are restricted to key individuals, and are themselves encrypted. Decrypted data is never transferred from computer to computer over non-secure connections.
9. Member Passwords
To reduce the risk of member accounts being hacked, member passwords are required to be eight or more characters in length and contain three of the following: lower case characters, upper case characters, numbers, and special characters. Passwords are not stored in the database. They are combined with secret information and then hashed. Login attempts are hashed and compared to stored hash strings following industry standards. Passwords are never transmitted over non-secure, non-encrypted means. Passwords may be reset but can never be viewed.
10. Non-Display of Secure Information
Highly secure data (social security numbers, FEIN, etc.) is never displayed in full on any web pages, apps, or printed reports. This data is never transferred from computer to computer over non-secure connections.
11. Backups/Archives
Backups and archives are encrypted and stored securely with password protection. Disaster recovery operations include transfer of data via a secure encrypted channel to a secondary secure location.