Data Protection and Cybersecurity Practices
Last Update: January 04, 2024
1. Expertise in Cybersecurity
Our cybersecurity framework is based on the experience of our CTO, who previously worked at Open Systems AG in Zurich, which is one of the leading cybersecurity providers worldwide.
Key projects included the handling of sensitive information, particularly in domains like finance and taxes. Dealing with such critical data has honed our skills in managing, securing, and protecting sensitive information against a multitude of cyber threats.
2. Enhanced Cloud Cybersecurity
We use Cloudflare for cloud cybersecurity, including their advanced DDoS mitigation and proxy services. These tools are essential for protecting against a broad spectrum of cyber threats and enhancing our system's security and reliability.
3. Two-Factor Authentication (2FA)
All employees are required to use two-factor authentication (2FA) along with complex, computer-generated passwords for accessing any third-party systems. This combination of security measures significantly diminishes the risk of unauthorized access.
4. IT Infrastructure Security
Our IT infrastructure, hosted on AWS Cloud, is safeguarded by stringent VPN-based access controls. This limited access model is crucial for ensuring that only authorized personnel can access our network, thereby bolstering overall security.
In addition to VPN controls, we implement a 'block by default' policy across various security groups. This means any attempt to access resources is denied unless expressly permitted, significantly reducing the potential for unauthorized access.
Furthermore, most of our services are strategically placed in a Demilitarized Zone (DMZ). This separation between internal and external networks adds an extra layer of security, protecting sensitive internal data while allowing controlled access to necessary external services.
All aspects of our network and services are under constant surveillance, ensuring immediate identification and response to any unusual activity or potential security threats. This comprehensive monitoring is key to maintaining the integrity and security of our IT infrastructure.
5. Data Encryption
For file storage, we use Server-Side Encryption with Amazon S3 Managed Keys (SSE-S3), ensuring all data, including provider images, are encrypted. We also implement short-lived signed URLs for Amazon S3 file access, restricting the availability of these URLs to a brief, predetermined duration for enhanced security.
Sensitive information like user phone numbers is encrypted using Advanced Encryption Standard (AES-256), with the encryption keys securely stored to prevent unauthorized access. Device data is encrypted with device native encryption methods.
6. Data Storage Location
All user data is stored within Europe on AWS, ensuring compliance with stringent regional data protection regulations. By hosting data in European data centers, we adhere to the high standards set by local laws, including the General Data Protection Regulation (GDPR).
7. Document Verification and Data Storage
We utilize GBG (www.gbgplc.com) for document verification processes without storing any personal document data on our servers, minimizing data vulnerability.
8. User Data Deletion Protocol
Upon a user's request for account deletion, our fully automated system ensures their data is removed promptly and permanently from our database.
9. Automated Cybersecurity Scanning Tools
Automated scanning tools are in place to ensure the source code meets security and quality objectives. This includes verification against OWASP Top 10. We extensively utilize automated tools such as Snyk and SonarQube for continuous cybersecurity scanning, complemented by other services including AWS’s own scanning capabilities. This broad spectrum of tools enables proactive identification and mitigation of potential vulnerabilities across our infrastructure.
In our commitment to security, we adhere to a strict policy of addressing identified critical vulnerabilities within a resolution timeframe of 24 hours from detection.
10. Sensitive Data Restrictions
We only utilize sensitive data when it's absolutely necessary for the execution of essential operational functions. This approach is integral to maintaining the integrity and confidentiality of user data.
We have controls in place to prevent sensitive data from being shared with third-party software, except in cases where it's imperative for specific functions, such as authentication processes. Even in these scenarios, the sharing of data is governed by strict protocols to ensure maximum security.
Additionally, our software development best practices ensure that sensitive data is not logged or stored in any form that could lead to unauthorized access or exposure.
11. Human Resources Security
All our employees and contractors operate under strict Non-Disclosure (NDA) and Confidentiality agreements. Offboarding of staff and revocation of user access is done promptly avoiding unauthorized access to information.
12. Roadmap
As part of our ongoing commitment to cybersecurity, we aim to achieve ISO 27001 certification within 2024. In preparation of this we are planning to conduct comprehensive external cybersecurity testing, including penetration testing and audits. These activities are contingent on a fundraising process we aim to close within Q1, 2024.
How can you contact us about this?
If you have any questions or concerns please contact us.
[email protected]
Choice Technologies © 2024
All rights reserved