
Online Security

Security is a constant challenge

The best way to be secure online is to not have very much to offer.

Understanding responsibility

This page is not Info Rhino selling our services to you. Instead, we talk about some of the solutions we have in place to help us and our customers be more secure. Security is something everybody needs to consider.

A constant challenge for any software service provider is maintaining information security for their customers and clients. We focus more on the design of data structures, operating on principles of least knowledge to ensure that, if data is leaked, its value to bad actors is minimal.

Any company with an online presence is under ever-increasing scrutiny to protect its customers' data.

  • EU Fines and penalties
  • ICO Fines and penalties guide

The cost is not just the fines administered by regulators but, more so, the reputational damage when a security breach occurs.

None of this page constitutes legal advice, or best practice, so please do as much research as you can.

How we protect our customers

  • Any password-based access will only be for third-party plugins or test websites.
  • We never ask you for password details.
  • We never store credit card payment details from you.
  • For websites requiring authentication, we recommend using at least two activation email addresses.
  • We store almost all contact information in hashed and encrypted formats.
  • If we feel we need to partition data for enhanced security, we will.
  • We have internal data retention policies.

Despite these approaches, we always recommend you decide what level of information you are comfortable sharing with us or third parties.


Our CMS website's security

We realise that password authentication for websites is a real problem for many customers. Within our Content Management System (CMS), we reviewed our experience of securing websites:

  • Auth incurs a maintenance overhead.
  • OAuth bears a risk for some websites of getting de-platformed.
  • Third party providers of authentication can get expensive quite quickly.
  • Proprietary username-and-password mechanisms are frequently responsible for data breaches.
  • Blockchain-based authentication will be the best way to control access securely.

We have taken a different approach to securing our websites. We think more in terms of:

  • Authentication Protocols - email, passwords, and mobiles are all examples of authentication protocols.
  • Principles of least knowledge. For our property platform, findigl, the most anybody will ever know about a user is that they looked for a property in the UK.
  • Sensitive data should be stored in a separate location, without name and lookup data.
  • Payments for subscription services of relatively low value are far less attractive to hackers than expensive big-ticket items.
  • Trying not to leave data lying around for too long.
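
The sketch below is an added example, not Info Rhino's code, showing how the last three principles can combine: contact details are replaced by a keyed hash, activity is held in a separate store with no names or lookup data, and old rows are purged. HMAC-SHA-256, the 90-day retention period and all class and function names are assumptions; the page does not say which algorithms or periods are used.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Assumption: the lookup key lives outside the database (e.g. a key vault).
# An unkeyed hash of an email address can be reversed by guessing addresses.
LOOKUP_KEY = secrets.token_bytes(32)
RETENTION = timedelta(days=90)  # hypothetical retention period


def pseudonym(email: str, key: bytes = LOOKUP_KEY) -> str:
    """Keyed hash of a normalised email: stable for lookups, useless without the key."""
    normalised = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


class PartitionedStore:
    """Two stores that would sit in separate locations in a real deployment."""

    def __init__(self):
        self.identity = {}  # pseudonym -> random record id (no name, no email)
        self.activity = {}  # record id -> what happened and when (no lookup data)

    def record_search(self, email: str, what: str, now: datetime) -> str:
        rid = self.identity.setdefault(pseudonym(email), secrets.token_hex(8))
        self.activity[rid] = {"what": what, "stored_at": now}
        return rid

    def lookup(self, email: str):
        rid = self.identity.get(pseudonym(email))
        return self.activity.get(rid) if rid else None

    def purge_expired(self, now: datetime) -> int:
        """Delete activity older than RETENTION, then any orphaned identity rows."""
        expired = [rid for rid, row in self.activity.items()
                   if now - row["stored_at"] > RETENTION]
        for rid in expired:
            del self.activity[rid]
        self.identity = {p: r for p, r in self.identity.items() if r in self.activity}
        return len(expired)


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    store = PartitionedStore()
    store.record_search("alice@example.com", "looked for a property in the UK", t0)
    print(store.identity, store.activity, sep="\n")
```

A leak of either store alone yields only opaque identifiers or an anonymous activity row.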

Third-party security

Finally, whilst we keep abreast of security relating to OWASP, we are jointly responsible for considering security. Penetration testing may be an extra step we need to take when implementing a solution for you.

We may identify a third-party OAuth provider that is more appropriate than what we offer.


Important questions to ask on security

Do I need security at all?

If the information you are sharing online is not sensitive, if you aren't risking your users' integrity, or if their information is publicised in other locations, we can quite rightly ask this question.

You will need to consider security if you are:

  • Handling payments.
  • Employing people.
  • Communicating with customers by telephone, email, or online messaging services.

Are there techniques available to mask information?

We use:

  • Obfuscation.
  • Randomisation.
  • Hashing.
  • Encryption.
  • Secure Certificates.


Other questions?

  • Do I need secure certificates for my website?
  • Should I encrypt emails?
  • Should I use Password Safe Managers?
  • Should we use Open Authentication (OAuth) providers such as Microsoft, Google, Yahoo, Twitter, Facebook?

Security is how you function

  • Rather than email a password and user name in the same email, send one in each without stating what it relates to.
  • When expecting payment from clients, it can sometimes be better for them to pay a small test amount first and then the full amount.
  • Is it better to store files on a cloud drive than on a desktop?
  • If storing sensitive data, is a secure data vault a better approach?
  • Should you zip folders and encrypt them?


Info Rhino Limited

Company number: 07299641

London, United Kingdom

© Info Rhino 2010-2019