Online Data Safety

Ever since the Internet was invented, people (hackers) have been trying to steal data. It has always been this way, even before the Internet.

Only 10 years ago, I was reticent to have my client’s data in the Cloud. Today, with newer technology and resources, online data safety is the safest it has ever been. AND, it will only get better in the future.

Governments and businesses have taken initiatives to protect personal and business data online. The EU has something called the General Data Protection Regulation (GDPR). This is a very strict set of requirements that define how data is treated online. Currently (2020) this only applies to the EU and those doing business with EU companies. However, elements of this regulation will soon be filtering into requirements applicable to the United States. S W Business Solutions uses a website hosting company that is fully GDPR compliant. That company also offers HIPAA and PCI data firewalls for sites.

So, how does S W Business Solutions protect client data online? We are not going to tell!

However, we can touch on the highlights. Several techniques are employed to protect client data.

  • S W Business Solutions provides a full site cyber security penetration test from a Cyber Security PhD candidate if so desired.
  • Database encryption – sensitive data can be, if the client should wish, encrypted so stolen data will not be readable without the decoding key.
  • TLS – each website is protected by an encryption certificate that uses Transport Layer Security (TLS, https://en.wikipedia.org/wiki/Transport_Layer_Security) to encrypt the data moving between the Cloud server and the user’s browser. This prevents “man in the middle” attacks.
  • Fixed Parameter Passing – Passing text between web pages allows SQL injection attacks and script injection attacks. S W Business Solutions only passes digital integer codes that are translated by the receiving page and thereby thwarts such attacks. Only a fixed set of responses can be made on any page. If text information must be passed for any purpose other than display on a page, it is saved to a database and then read from the database on the receiving page so no hacker can get to it as it is being transferred between pages.
  • Dynamic page scripting – there are several scripting languages that provide dynamic webpages. S W Business Solutions used ColdFusion since it is an Adobe product and has a very high focus on database security built into the language. A new version of ColdFusion is released every two years with interim updates released as needed.
  • ColdFusion Summit – S W Business Solutions attends the annual ColdFusion Summit conference in which new features and data security subjects are presented by industry professionals.
  • Password controlled user access – The data owner is provided tools to grant full or limited access to individual staff members, giving them rights to only those areas of the program required to do their job. Forbidden areas are not “greyed” out; they simply are not shown. Further, every page access checks to see if the user is currently logged in. That way, people cannot bookmark a page in the middle of the program and return later without logging in.
  • Tattle-Tails – The owner can define user behaviors that need to be tracked and reported if they occur. These can be login attempts before or after defined business hours, failed login attempts, login from blocked IP addresses or devices or just about any other behavior.
  • Auto-Logout – based on the data owner’s needs, a timer is constantly running in the background. Should a preset period of inactivity occur, the “session” is terminated and any attempt to use the program will force the user to re-login. This helps prevent situations where users walk away from their computer without logging out and the cleaning crew has access to the company database at 2am.
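
The Fixed Parameter Passing item above, sketched as an added example (not S W Business Solutions' code, and written in Python rather than ColdFusion so it runs stand-alone): the receiving page accepts only a known integer code, translates it to a fixed value, and still binds that value as a query parameter. The table, the code-to-status mapping and every function name are hypothetical.

```python
import sqlite3

# Hypothetical fixed set of responses for one page: integer code -> status.
STATUS_CODES = {1: "open", 2: "closed", 3: "overdue"}

class RejectedParameter(ValueError):
    """The request value is not one of the page's fixed integer codes."""

def parse_code(raw, allowed):
    """Return the integer code, or raise if raw is anything but a known code."""
    # isascii() excludes non-ASCII digits that isdigit() alone would accept.
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 4):
        raise RejectedParameter(f"not an integer code: {raw!r}")
    code = int(raw)
    if code not in allowed:
        raise RejectedParameter(f"unknown code: {code}")
    return code

def invoices_for(conn, raw_status):
    """Receiving page: translate the code, then query with a bound parameter."""
    status = STATUS_CODES[parse_code(raw_status, STATUS_CODES)]
    rows = conn.execute("SELECT id FROM invoices WHERE status = ? ORDER BY id", (status,))
    return [row[0] for row in rows]

def demo_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, status TEXT)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?)",
                     [(1, "open"), (2, "closed"), (3, "open")])
    return conn

def run_demo():
    """Feed constructed request values to the receiving page; record each outcome."""
    conn = demo_db()
    results = {}
    for raw in ["1", "2", "9", "-1", "1 OR 1=1", "<b>x</b>", "\uff11"]:
        try:
            results[raw] = invoices_for(conn, raw)
        except RejectedParameter:
            results[raw] = "rejected"
    return results

if __name__ == "__main__":
    for raw, outcome in run_demo().items():
        print(repr(raw), "->", outcome)
```

Only the two known codes reach the database; every other value, including text and markup, is refused before any query is built.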

This is only a portion of the efforts made to protect online data. Of course, dedicated professional hackers will always have ways of stealing data, but the probability of a rogue national intelligence agency attacking your data is very low. Actually, about 67% of all data loss (deliberate and accidental) is caused by employees!

Online data security is as safe as it is on your server in your office.