Nowadays, many employees work from home; hackers regularly target businesses to steal sensitive data. For those reasons, data protection is our top business priority. In fact, we think data is the most important asset we have. Functional data protection includes guarding the availability of the data to employees, its integrity and confidentiality. The fundamental data protection principles are safeguarding and making available data under all circumstances.
We understand that since our company handles a significant amount of personally identifiable information from investors, employees, and stakeholders, a data breach can do huge harm. Hence, we think an effective data protection strategy helps prevent data loss or corruption. Today we would like to share some of the main principles of our Security policy and implemented procedures for data protection:
• "Hive5" has approved an information security policy that defines the high-level principles and rules to protect the confidentiality, integrity and availability of the organization, their customers' data and information.
• We have documented a separate dedicated security policy about processing personal data. The procedure is approved by management and communicated to all employees and relevant external parties.
• We have formally appointed the security officer. In addition, we have set and documented the tasks and responsibilities of the security officer.
• Database and application servers are configured to run using a separate account, with minimum OS privileges to function correctly. Also, the servers process the data that are actually needed to process to achieve its purposes.
• Encryption solutions are considered on specific files and records through software and hardware implementation.
• Anti-virus applications and detection signatures are configured weekly. In addition, critical security updates are regularly released by the operating system developer.
• The physical perimeter of the IT system infrastructure is not accessible by non-authorized personnel.
• User passwords are stored in a "hashed" form.
• Two-factor authentication preferably is used for accessing systems.
• There is no possibility of deletion or modification of log file content.
• A monitoring system produces reports and notifies of potential alerts.
• During the development lifecycle, best practices, state-of-the-art and well acknowledged secure development practices, frameworks or standards are followed.
• Periodic penetration testing is carried out.
• Backup and data restore procedures are defined, documented and clearly linked to roles and responsibilities. Thus, we ensure to react appropriately to potential failure scenarios and recover the operations of our system activities.
To sum up, protecting data from compromise and ensuring data privacy are the main components of our data protection strategy.
It is important to note that by following European Union's General Data Protection Regulation (GDPR), consumers have the right to know what information is collected from them, what information and with whom their data is shared. Accordingly, we communicate it on our web page. If you need more information regarding personal data protection, please get in touch with us.