Our approach to security
We operate systems that are as simple as possible, with the fewest components, to reduce the attack surface. We choose Open Source software that is in use by millions of others. This reduces the chances of there being a vulnerability relating to our specific use and also empowers us to validate or remedy an issue that we discover without having to wait for it to be a vendor priority. We don't rely on external third-party data services, which reduces the risks of operational supply chain attacks and unintended external data processing.
However, there is no 'secure', just shades of insecurity.
Our Responsible Disclosure policy sets our guidelines as to what should be done if a problem is discovered with our services and systems. This process doesn't assume that there are no issues; it offers a responsible approach to managing issues as they are found, and this process works well throughout the digital industry.
SSL certificates are provided for all email and hosting services to ensure that data is encrypted and confidence increased. It is important to note that not all email servers encrypt, so messages are often converted to readable plain text when travelling through the Internet.
What you can do
- Plan for a breach
  - Know what data you have and where. Consider if it became public or was no longer available to you.
- Protect your email
  - This is often the key to all of your other services.
- Create a password policy
  - Share your policy with colleagues, staff, friends and family.
Password policy guidance
Important passwords should be changed regularly; this means every month or two. This protects against accidental sharing of passwords through phishing (when someone creates a service that looks familiar to you to steal your password).
Use different passwords for different websites and apps. Some websites don't encrypt passwords, so if their data is exploited, your password can be published. Having different passwords reduces the chances of your data being stolen from other sites.
Create a strong password that is easy to remember and hard to guess or compute. For example, a password of eight symbols is hard to remember and type, yet not too difficult for a computer to discover. A short story of, say, 6-8 words with punctuation is easy to remember and hard to compute. It also lends itself well to variation when it is time to change the password.
Don't share passwords with anyone. Others are more likely to save them in their web browser history or write them down. If you do find data is inadvertently revealed, it can affect relationships if you had recently shared the password with someone, even if they are not the cause of the problem.
Use different email addresses for different websites. This helps identify sources of spam and adds an additional layer of protection when logging in to systems or identifying when problems occur. Look for 'plus-addressing', where variations of your email address can be made up on the fly and still reach you.
If you have specific security concerns, feel that you would be targeted or require a custom solution, please get in touch.