How Our Security-Driven Company Avoids Hacking Attacks
A staggering reality is that hacking attacks happen once every 35 seconds in the United States. Although businesses and governments now devote more resources to cybersecurity than ever before, the hacking threat remains strong. The question is, how can companies protect themselves from hackers?
In this post, we’ll take a twofold approach. First, we’ll share how we help FormAssembly customers prevent hacking attacks. Then, we’ll dive into our own company philosophy and strategy.
How we help our customers avoid hacking attacks
FormAssembly is committed to adhering to the strictest security and privacy standards in the marketplace. This means that our customers can rest assured when they collect data through our platform. You can read an in-depth overview of our practices and procedures on our Security page. As a best practice, this information is public-facing to promote transparency and accountability.
With that in mind, let’s take a look at some of the specific measures that FormAssembly has in place to help our customers guard against hacking attacks.
Protecting customer information
If you collect data from customers or other end users, you are responsible for that information. Your form respondents must know that they can trust you, your processes, and your privacy plan. Here are a few of the many ways that FormAssembly helps you protect your customers’ data.
- Authentication – Choose from CAS, SAML, or LDAP to ensure that only the appropriate people have access to your web forms.
- Encryption – Encryption means that your data is not readable by anyone who does not have the right key. FormAssembly implements TLS 1.2, which increases encryption security and gives customers more peace of mind. Additionally, data sent via HTTPS provides three proactive layers of protection.
- Data Types – Part of good data stewardship involves identifying the type of data you actually need to collect. Different laws and regulations apply to certain types of data (financial, medical, PII, etc.), so be sure to only ask for the kinds of data you need for essential activities.
Each of these areas provides one more access point that hackers must break down before accessing any customer data. By ensuring that these features are reliable, FormAssembly provides peace of mind without extra hassle.
If you’d like a crash course on data security best practices, the FormAssembly knowledge base is a great place to start.
Security incident response
According to the communications experts at Cisco, an incident response is “a set of instructions to help IT staff detect, respond to, and recover from network security incidents.” These plans serve a basic purpose to protect the flow of work, but they also have a deeper purpose when it comes to disclosing data leaks, losses, and hacking attacks.
FormAssembly has an established Incident Response policy and procedure based on NIST guidelines that activates upon a security breach. In the event of an incident, FormAssembly will notify all affected customers in a timely manner of any unauthorized access to your data. The FormAssembly Incident Response plan is tested annually or as needed.
Preventing data leakage
In order to prevent surprising vulnerabilities, we take several necessary precautions to minimize leaked data. Here’s what you can expect if you collect data with FormAssembly.
- Global data security centers hosted by Amazon Web Services (AWS), which holds numerous international certifications regarding security and privacy
- Web application firewall to protect against common web attacks
- IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are in place to promote network and server security
Additionally, FormAssembly upholds the following certifications:
- PCI DSS Level 1 Certified
- Compliance with GDPR, HIPAA, FERPA, and more
- FedRAMP Ready Government Cloud
- ISO 27001
Using appropriate data disclosure
Your customer data cannot be shared with third parties or other companies without your permission and consent to do so.
How we prevent hacking attacks at our own company
At FormAssembly, we recognize the need to practice what we preach. As an industry leader in data stewardship, it’s important that each member of our team has a strong understanding about their individual responsibility as data collectors. Our standard process involves regular teaching, team-wide security training, audits, and security reviews.
Here are a few of the practices that keep us primed and ready to mitigate hacking attempts.
We catch the bad phish
Phishing is one of the many ways that hackers attempt to manipulate users into exposing or sharing confidential data. Although this usually takes place via email, phishing attempts happen through other communication channels as well.
“Administering monthly security awareness training and up-to-date phishing campaigns keeps your workforce mindful of the evolving security landscape. This is one proactive way to limit human exposure to threat actors.”
—Chad Cragle, Director of Security and Compliance
At FormAssembly, we train our fully remote team to keep an eye out for phishing attacks and to handle them appropriately. This company-wide conversation also ensures that team members can distinguish genuine customer messages from nefarious phishing attempts.
We minimize insider threats
Personnel security is another major focus. Each team member goes through a thorough background check and completes the necessary security and privacy training. This step ensures that our team members who have access to customer data are highly trained to handle any red flags or suspicious hacking activity.
We say no to social engineering
Social engineering is a tactic used by hackers and threat actors to manipulate a user into disclosing sensitive information that the hacker considers valuable. Social engineering is especially tricky, because it may seem as though the hacker personally knows the individual they are targeting. This familiarity is often gained through social media and research.
Although we encourage team members to actively engage on social media and to expand their professional networks, we counter this with common sense tactics for preventing social hacking attempts. Monthly security training provides concrete examples of how social engineering looks in the real world, ensuring that our team members are never caught off guard.
We educate on malware and ransomware
Malware and ransomware are some of the most crippling risks to an organization’s cybersecurity structure. In particular, ransomware attacks are on the rise. This strategy can render organizations useless, and it can also prove to be extremely expensive to solve.
Our Security Team is dedicated to protecting both customers and employees from these costly attacks. Regular communication, reminders, and training help keep these vulnerabilities top of mind.
Strengthen your company’s defense
Looking for additional ways to strengthen your company’s defense against threat actors? Check out our ultimate guide to secure, compliant data collection at the link below.