Security is a constant challenge
The best way to be secure online is to not have very much to offer.
This page is not Info Rhino selling our services to you. Instead, we talk about some of the solutions we have in place to help us and our customers be more secure. Security is something everybody needs to consider.
A constant challenge any software service provider finds is maintaining Information Security for their customers and clients. We focus more on the design of data structures, operating on principles of least knowledge to ensure that if data is leaked, its value to bad actors is minimal.
Any company with an online presence is under ever-increasing scrutiny to protect their customers' data.
It is not just the fines administered by regulators, but more the damage through reputational loss when a security breach occurs.
None of this page constitutes legal advice, or best practice, so please do as much research as you can.
How we protect our customers
- Any password-based access will only be for third-party plugins or test websites.
- We never ask you for password details.
- We never store credit card payment details from you.
- For websites requiring authentication, we recommend using at least two activation email addresses.
- We store almost all contact information in hashed and encrypted formats.
- If we feel we need to partition data for enhanced security, we will.
- We have internal data retention policies.
Despite these approaches, we always recommend you decide what level of information you are comfortable sharing with us or third-parties.
Our CMS website's security
We realise that password authentication for websites is a real problem for many customers. Within our Content Management System (CMS), we reviewed the many experiences we have had with securing websites:
- Auth incurs a maintenance overhead.
- OAuth bears a risk for some websites of getting de-platformed.
- Third-party providers of authentication can get expensive quite quickly.
- Proprietary username and password mechanisms are frequently responsible for data breaches.
- Blockchain-based authentication will be the best way to control access securely.
We have taken a different approach to securing our websites. We think more in terms of:
- Authentication Protocols - email, passwords, and mobiles are all examples of authentication protocols.
- Principles of least knowledge. For our property platform, findigl, the most anybody will ever know about somebody is that they looked for a property in the UK.
- Sensitive data should be stored in a separate location without name and lookup data.
- Payments for subscription services of relatively low value are far less attractive to hackers than expensive big-ticket items.
- Trying not to leave data lying around for too long.
Finally, whilst we keep abreast of security relating to OWASP, we are jointly responsible for considering security. Penetration testing may be an extra step we need to take when implementing a solution for you.
We may identify a third-party OAuth provider who is more appropriate than what we offer.
Important questions to ask on security
Do I need security at all?
If the information you are sharing online is not sensitive, if you aren't risking your users' integrity, or if their information is publicised in other locations, we can quite rightly ask this question.
You will need to consider security if you are:
- Handling payments.
- Employing people.
- Communicating with customers by telephone, email or online messaging services.
Are there techniques available to mask information?
- Secure Certificates.
- Do I need secure certificates for my website?
- Should I encrypt emails?
- Should I use Password Safe Managers?
- Should we use Open Authentication (OAuth) providers such as Microsoft, Google, Yahoo, Twitter, Facebook?
Security is how you function
- Rather than email a password and user name in the same email, send one in each without stating what it relates to.
- When expecting payment from clients, it can sometimes be better to pay a small test amount and then the full amount.
- Is it better to store files on a cloud drive than on a desktop?
- If storing sensitive data, is a secure data vault a better approach?
- Should you zip folders and encrypt them?