US Department of Homeland Security made a security announcement that hackers are targeting IT service providers to gain access to their clients’ networks around the world. IT service providers have a lot of confidential information such as detailed notes about client’s IT infrastructure, administrative passwords or have methods of accessing client’s network from within the IT service providers systems.
There are no networks that are impenetrable as long as they are connected to the Internet. However, CBM Technology has implemented a vast number of security measures, policies and strictly follow the defense-in-depth strategy for itself. While we are taking this security announcement seriously, we are also confident that your data is safe from unauthorized persons.
Here is why and some of the preventive measures that we have in place – which follows our defense-depth strategy:
- Firewall – We have content filtering, gateway antivirus, intrusion prevention, IP reputation defense and GEO location filtering.
- Multi-factor Authentication – We have 2-factor authentication to log into our workstations and 3-factor authentication to log into our Office 365 portal.
- Account Management – All of our passwords are changed every 90 days and regularly perform a review of all users within our network.
- Dark Web Monitoring – We have a monitoring system in place to alert us when any of our passwords are floating in the dark web.
- Physical Security – Our office is always locked; only authorized persons are allowed into our facility. Authorized persons are always accompanied by a CBM employee.
- Endpoint Security – All systems within our network have endpoint protection.
- Security Patching – All systems are patched with the latest available security patches.
- Business Continuity – All of our critical systems are securely backed up in an encrypted format.
- Mobile Device Encryption – All employees phones and laptops are encrypted and have passwords for unauthorized access prevention.
- Secure Connections – All of our services that we access remotely are either through a VPN tunnel or via SSL connection.
- Vendor Risk Assessments – We perform risk assessments to ensure that if your data is housed with them is secured and have SSAE 16+, PCI and HIPAA compliance.
- Information Security Policies - We have information security policies that provides guidelines for all of our employees on how to handle sensitive client information.