15 April 2013

Guest blog: Robert Lawrie, Technical Manager. Security Best Practices

During our internal end-of-year conference we discussed several aspects of security, including personal, company and software security. This included identifying risks from malicious parties, as well as data integrity and disaster recovery. Many of the points discussed are relevant to any business that takes a proactive approach to security.

Personal Security

In a modern office environment we all have passwords that we are required to remember and enter into our computers every day. These range from the domain password we use to sign into our computers at the start of the day to online service passwords such as webmail. By adhering to good security practices we can minimise the risk of these passwords being stolen or guessed by malicious parties:

  • Use complex passwords, including mixed case, numbers and symbols.
  • Keep passwords secret.
  • Do not use the same password for more than one account.
  • Do not log into accounts on potentially compromised computers.
  • Lock any unattended computers.
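As an added illustration of the first and third points above (example code written for this page, not Paritor's), the Python below checks a password against the character-class policy stated in the list and reports accounts that share a password, the kind of check you would run over a password-manager export. The 12-character minimum and the sample credential list are my assumptions; the post itself sets no length.

```python
"""Password policy check and reuse detection.

Added example for this post, not Paritor's code.  The post asks for mixed
case, numbers and symbols; the 12-character minimum is my assumption.
"""
import string
from collections import defaultdict

MIN_LENGTH = 12  # assumption: the post sets no minimum length


def policy_violations(password: str) -> list:
    """Return the rules the password breaks (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    return problems


def find_reuse(credentials):
    """Group account names that share an identical password.

    credentials: iterable of (account, password) pairs, e.g. a password
    manager export.  Returns a sorted list of account-name lists, one per
    password used on more than one account; the report never includes the
    passwords themselves.
    """
    by_password = defaultdict(list)
    for account, password in credentials:
        by_password[password].append(account)
    return sorted(sorted(accounts) for accounts in by_password.values()
                  if len(accounts) > 1)


# Constructed sample vault: two accounts share a password, and one uses a
# passphrase that fails the character-class rule.
SAMPLE_VAULT = [
    ("domain", "Vk8$tRm2#qLp5Wz!"),
    ("webmail", "Vk8$tRm2#qLp5Wz!"),
    ("crm", "correct horse battery staple"),
    ("vpn", "Nf4&hJw9*bXc3Yd@"),
]

if __name__ == "__main__":
    for account, pw in SAMPLE_VAULT:
        print(account, policy_violations(pw) or "ok")
    print("reused across:", find_reuse(SAMPLE_VAULT))
```

The reuse check has to compare the plaintext values, so run it where the export is already trusted (on the user's own machine) and keep only the account-name report.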

Company Security

It is key to any company’s security that all employees practise good security techniques; however, this can be further improved upon by good policies and practices at a company-wide level:

  • Ensure business-critical data is backed up.
  • Give employees access only to what they need to fulfil their role.
  • Publish a company security policy so all employees know the expectations and requirements.

Software Security

As a software house, Paritor have additional security obligations. Many of Paritor’s software solutions handle sensitive data, and with Paritor’s recent provision of cloud-hosted databases it is extremely important that Paritor’s software keeps customers’ data safe. Paritor have added several measures to the software to ensure customers’ data is kept safe:

  • All connections to internet servers are secured with SSL 3.0 / TLS 1.1, so all data exchanged is encrypted.
  • All weak SSL ciphers are disabled on servers.
  • Customer passwords are complex.

Paritor also restrict access to their servers so only computers in Paritor offices can log onto them.
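An added example, not Paritor's configuration, of what "weak ciphers disabled" looks like as a check: the Python below audits a server's cipher-suite list against a deny-list of weak algorithms and builds a client context with those options switched off. The sample cipher list is constructed, the OpenSSL-style suite names and the deny-list markers are my assumptions, and the policy it enforces (TLS 1.2 minimum) is deliberately stricter than the SSL 3.0 / TLS 1.1 baseline the post describes: SSL 3.0 was deprecated by RFC 7568 and TLS 1.0/1.1 by RFC 8996 after this post was written.

```python
"""Audit TLS cipher suites and build a hardened client context.

Added example for this post, not Paritor's configuration.  Suite names follow
OpenSSL's convention (assumption); the deny-list markers are my choice.
"""
import ssl

# Substrings that mark an OpenSSL-style suite name as weak: RC4, (3)DES,
# export-grade, NULL encryption, MD5 MACs, and anonymous (unauthenticated) DH.
WEAK_MARKERS = ("RC4", "DES", "EXP", "NULL", "MD5", "ADH", "AECDH")

# Protocol versions this (post-2013) policy accepts.
ACCEPTED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")


def is_weak(cipher_name: str) -> bool:
    """True if the suite name carries any weak-algorithm marker."""
    name = cipher_name.upper()
    return any(marker in name for marker in WEAK_MARKERS)


def audit_ciphers(cipher_names):
    """Split a server's enabled suite list into (accepted, rejected)."""
    accepted = [c for c in cipher_names if not is_weak(c)]
    rejected = [c for c in cipher_names if is_weak(c)]
    return accepted, rejected


def protocol_accepted(protocol_name: str) -> bool:
    """Reject SSLv3, TLSv1 and TLSv1.1; accept TLSv1.2 and later."""
    return protocol_name in ACCEPTED_PROTOCOLS


def hardened_client_context() -> ssl.SSLContext:
    """Client context with the weak options switched off.

    create_default_context() already verifies the server certificate; we
    additionally pin the minimum version and restrict the TLS 1.2 suite list
    to AEAD suites with forward secrecy (TLS 1.3 suites are always AEAD).
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!MD5:!RC4:!3DES")
    return ctx


def enabled_cipher_names(ctx: ssl.SSLContext):
    """Names of the suites a context will offer (TLS 1.3 suites included)."""
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample: the kind of list a 2013-era server might still offer.
SAMPLE_SERVER_CIPHERS = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "RC4-SHA",
    "DES-CBC3-SHA",
    "EXP-RC2-CBC-MD5",
    "NULL-SHA256",
]

if __name__ == "__main__":
    ok, bad = audit_ciphers(SAMPLE_SERVER_CIPHERS)
    print("accepted:", ok)
    print("rejected:", bad)
    for proto in ("SSLv3", "TLSv1.1", "TLSv1.2"):
        print(proto, "accepted" if protocol_accepted(proto) else "rejected")
    ctx = hardened_client_context()
    print("hardened context offers no weak suite:",
          audit_ciphers(enabled_cipher_names(ctx))[1] == [])
```

The audit works on names alone, so it can be run offline over a list copied from a server's configuration; the context builder shows the same policy applied on the client side, where the cipher string, not the deny-list, does the enforcing.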

One of Paritor’s main assets is their source code. This is retained in Microsoft’s Team Foundation Server, which keeps a fully audited record of all changes made to the source code. This means Paritor can retrieve the full source code for their products as of any given date and time.
 
Rob

1 comment:

  1. Not having the same password for every service is critical. It's annoying, but critical. Every time you register with a new service, you have just given them your email/password combination for all other services.