In today’s world, business is driven by technology. With more personal data and customer information being collected than ever before, business owners and managers are being forced to rethink their cybersecurity strategy. With customer portals and online membership websites on the rise, it’s time to think about your security needs.
Many companies focus on important security features, compliance and best practices to ensure that their data remains secure. But the best way to ensure that sensitive information stays where it belongs is to have a trusted, layered system.
Keeping sensitive information secure from theft and vulnerability in today's digital world can be overwhelming. But knowing which risks your business is most susceptible to, and protecting against them, is the only way to ensure the safety of yourself and your customers.
Working with experienced technology partners is one of the best ways to evaluate risks and select the most important security features for your business. By asking the right questions, they can develop a deep understanding of your business’ needs to provide transparent advice and a secure online platform.
Key question: What security tools are you using as a foundation for your platform?
Your customers connect with you through apps, and your employees can’t do their jobs without them, but as critical as they are, applications also expose your business to threats. Application layer security (ALS) protects data and information at the points where applications interact with the network. Security applied to the application layer directly protects from external attacks trying to access your device.
Attacks at the application layer are harder to detect and even harder to contain, so it’s important to have a robust security system in place at this level for your online customer platform.
Key question: How often do you monitor or check for vulnerabilities?
Frequent vulnerability assessments make your platform more resilient to the risk of data theft. Continuously monitoring for emerging threats and vulnerabilities gives insight into all modules of your online product that require security updates. When done professionally, minor problems are detected automatically and can be easily addressed.
Performing a static code analysis is another method of monitoring for potential risks. A static code analysis is done by examining the code before releasing each update or change to your platform. The process aims to ensure that the coding adheres to security best practices.
Where is the data stored?
Threats increase with the number of locations your data is sent to. Many businesses use “Cloud” storage to save on space and resources. Understanding how cloud storage works and where the infrastructure is based is critical to protecting your information.
By ensuring that your customer information is hosted on a server within your company’s country of operation, you’re helping to reduce the risk of “data shipping”. Data shipping is when information is moved between servers when needed to save on space and to make it cheaper for the server owner. By keeping your data in one place it is much less likely for theft or tampering to occur.
Key question: How secure are your servers?
Network security creates an ecosystem for computers, users and programs to perform within a secure environment. Robust network security must be a top priority for virtually any digital project today. External attackers gain access to network resources through the internet, which is a very common way network security is compromised. Network security systems protect access to the database servers and file storage system and prevent the chance of data and identity theft, privacy spoofing and denial-of-service attacks on the computer network.
Network security starts with authentication, commonly a username and password. Once a user is authenticated, a firewall enforces access policies such as which services network users are allowed to access. Though two-factor authentication and firewalls are effective at preventing unauthorised access, it’s important to supplement these two basic network security standards with intrusion detection systems, encryption and anti-virus software.
Weak authentication, authorisation, and fraud detection capabilities present high risks to data and customer retention.
Key question: Do you employ a firewall and other first-line measures?
A firewall is a network security system that uses rules to control incoming and outgoing network traffic. It acts as a barrier between a trusted network and an untrusted network.
As the first line of defence, a firewall protects an app from risks such as unauthorized remote access, and blocks messages linking to unwanted content.
Key question: How protected is your data from intruders?
An Intrusion Detection System is a network security technology that monitors the platform environment, alerting administrators to detected intrusions and vulnerabilities. Having an IDS can protect against accidental information leakage, security policy violations, unauthorized clients and servers, and even configuration errors. An IDS may respond to suspicious traffic by taking action such as automatically blocking the user (or source IP address) from accessing the network.
The IDS needs to be properly configured to recognize what is normal traffic on your secure website vs. what might be malicious traffic. The administrators responsible for responding to IDS alerts also need to understand what the alerts mean and how to effectively respond.
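The baseline idea above can be sketched as a rate check per source IP. This is an added example, not code from the original article or from any product it mentions; the 10-second window, the headroom factor and the sample addresses (documentation ranges) are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def peak_rates(events, window=10):
    """Highest number of requests each source made in any `window` seconds.
    `events` is an iterable of (epoch_second, source_ip) sorted by time."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def learn_threshold(baseline_events, window=10, headroom=5):
    """Derive the alert threshold from traffic known to be normal:
    the busiest normal source, multiplied by a headroom factor (assumed)."""
    peaks = peak_rates(baseline_events, window)
    return headroom * max(peaks.values(), default=1)

def suspicious_sources(events, threshold, window=10):
    """Sources whose peak rate exceeds the learned threshold; these are the
    candidates an administrator would review or block."""
    peaks = peak_rates(events, window)
    return sorted(ip for ip, n in peaks.items() if n > threshold)

def constructed_baseline():
    # Constructed sample: two ordinary clients, one request every 5 seconds.
    clients = ("198.51.100.7", "198.51.100.8")
    return [(t, ip) for t in range(0, 60, 5) for ip in clients]

def constructed_live():
    # Constructed sample: one ordinary client plus a source sending
    # 100 requests in 5 seconds (20 per second).
    normal = [(t, "198.51.100.7") for t in range(0, 60, 5)]
    burst = [(30 + i // 20, "203.0.113.50") for i in range(100)]
    return sorted(normal + burst)

if __name__ == "__main__":
    limit = learn_threshold(constructed_baseline())
    print("threshold:", limit)
    print("flagged:", suspicious_sources(constructed_live(), limit))
```

A threshold learned from too short or too quiet a baseline will flag legitimate busy periods, which is why the alerts still need someone who understands them.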
Key question: Is your system protected from DoS attacks and intrusions?
A Denial of Service attack is a cyber attack that floods servers, systems or networks with unwanted traffic in order to overwhelm the system. This causes the platform to become temporarily or permanently unavailable to its intended users. In serious circumstances, attackers can gain control of the system and cause enormous damage or inconvenience to your business.
While an attack that crashes a server can often be dealt with successfully by simply rebooting the system, modern flooding attacks can be difficult to recover from.
It’s important for your IT team, security administrators and managers to understand the threats, vulnerabilities and risks associated with DoS attacks and implement a detection system such as application layer firewalls to block potentially offending traffic.
What level of encryption do you have?
Secure Sockets Layer (SSL) creates a foundation of trust by establishing a secure connection for your users. It’s the standard security technology for building an encrypted and private link between a web server and a user’s browser. To be able to create a trusted SSL connection, a web server requires an SSL Certificate with a public and private key. These keys work in unison to establish an encrypted connection.
When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.
Similar to SSL, Hypertext Transfer Protocol Secure (HTTPS) is another security standard that protects communication and data over your network. It allows the web browser to check the website’s security certificate and verify that it was issued by a legitimate certificate authority. When you send sensitive information over an HTTPS connection, no one can take advantage of it in transit.
Both SSL and HTTPS protect sensitive information such as customer names, phone numbers, addresses and credit card numbers. They offer your web service credibility and provide a secure platform for your business and customers.
How secure is your payments system?
The PCI-DSS is a multifaceted security standard for eCommerce merchants that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organisations proactively protect customer account data.
Using a reputable payment gateway, such as Stripe or PayPal, is important to keeping your customer information secure whilst providing a seamless purchasing experience. Working with an established payment provider that offers reliable infrastructure allows your customers to purchase with confidence while integrating correctly and securely with your platform.
The Payment Card Industry issues guidelines that have to be met to ensure compliance and Equiem has an active PCI compliance accreditation. Whilst the storage of payment information within Equiem is minimal, PCI audits ensure that the transmission of payment information both within Equiem systems and to our external payment provider is architecturally designed and implemented in a secure and compliant manner. These audits need to be performed by an Approved Scanning Vendor (PCI ASV) and Equiem remains compliant in this respect.
How secure are your servers from physical attack?
As our lives become increasingly digital, physical security of your system may seem like a less significant threat. However, it’s important to know that your security model is protected on the ground as much as it is in cyberspace. Remember, physical security doesn't just mean protecting against burglary, theft, vandalism and terrorism, it also means protecting from fire, flood and natural disasters.
For the most extensive level of physical protection it’s essential to entrust your servers to a data centre that has military-grade exterior physical security, authorized personnel access, video surveillance and two-factor authentication at each ingress point, and where all access is logged and audited.
It’s common for online security to be viewed as singular. However, possessing a strong security system for your database requires multiple layers, a deep understanding of the industry standards and scalable tools to protect both your business and customers.
Every business requires different solutions to secure its data. When researching your options, think about how they integrate together to provide a healthy and secure online environment. By working with experienced and reputable security partners from the beginning you’re building a strong foundation for your platform’s ongoing cybersecurity. Having a team that can help implement and maintain industry-leading protection will give both you and your customers the confidence you need to do business.
Equiem has purpose-built integrated solutions that, once combined with the Equiem Portal, take the risk out of security.
Equiem leverages a shared responsibility model for security of its platform. The infrastructure is housed by Amazon’s AWS cloud services and Acquia manages the application layer. As such Equiem inherits Amazon’s certifications and accreditation for the infrastructure, network and physical security of the environment. This provides the highest security making sure all of the above security risks are managed in a cohesive and safe system.