In general, people are the weakest link whether they are building security systems or using them.
Security Architecture
Security needs to be comprehensive so you can't go around it. If it looks secure, it should also be secure. Users of secure systems are lazy or in a hurry, so you need to build your systems so that users can't make them less secure. Enforcing password strength is one way of preventing people from weakening your security (mrfluffy1234 is not a great password).
General architecture
There are a number of safeguards to ensure that a platform remains secure. Some methods include:
- Defensive programming techniques - The platform is constantly being revised and updated to reduce the number of bugs.
- Code analysis - We use ShiftLeft to analyze millions of lines of code to locate and quickly fix any security vulnerabilities that may pop up.
- Pen tests - Penetration tests, or Pen tests, are simulated cyberattacks performed to evaluate security techniques as well as server stability. Many of the tools used during pen tests are the same ones used by hackers.
- Audits - In addition to the code being analyzed by ShiftLeft, manual audits are completed to identify and fix any bugs that are present.
People are the weakest link
When it comes to security, it's widely known that people are the weakest link. People do things all the time to compromise security, like sending PII or BCI to unauthorized users.
Passwords / Login
Password Policy - Encore’s policy is that all passwords must be a minimum of 10 characters and have some upper case characters, lower case characters and numbers. (Some Encore systems have higher standards than this, but the standard should never be lower.)
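One way to enforce this policy at the point where a password is set, shown as an added example (not Encore's own code). The length and character rules come from the policy above; the denylist, its sample entries and the username check are assumptions added here, because a password like MrFluffy1234 meets the character rules and is still easy to guess.

```python
MIN_LENGTH = 10  # minimum length stated in the policy above

# Constructed sample denylist (assumption): a real deployment would load a
# list of breached or commonly used passwords instead of these three entries.
DENYLIST = {"mrfluffy1234", "password1234", "welcome2024"}


def policy_violations(password, username=""):
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []

    # Rules taken directly from the stated policy.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case character")
    if not any(c.islower() for c in password):
        problems.append("no lower case character")
    if not any(c.isdigit() for c in password):
        problems.append("no number")

    # Extra checks beyond the stated policy (assumptions of this example).
    # Comparison is case-insensitive so "MrFluffy1234" is caught as well.
    folded = password.casefold()
    if folded in DENYLIST:
        problems.append("on the list of known weak passwords")
    if username and username.casefold() in folded:
        problems.append("contains the username")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (password, username)
    samples = [
        ("mrfluffy1234", ""),
        ("MrFluffy1234", ""),
        ("Jsmith-Window-42", "jsmith"),
        ("Tr4vel-Mug-Window", "jsmith"),
    ]
    for password, username in samples:
        problems = policy_violations(password, username)
        print(password, "->", "accepted" if not problems else "; ".join(problems))
```

Returning every violation at once lets the sign-up form tell the user everything that needs fixing in one pass.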
You can fortify your accounts by enabling 2-factor authentication. There are a number of 2FA methods available, from being sent a text with a secure code to using an authenticator app. If you've set a password without setting a second authentication method, are you really securing the account?
Platform
You should use an enterprise-grade platform or system for storing and sharing data that is recognized and secure. This includes PII, BCI and all images that might have logos or people in them.
| Platform | Approved for use |
| --- | --- |
| Microsoft SharePoint | Yes |
| Microsoft Outlook | Restricted |
| Dropbox | No |
| Wetransfer | No |
| Google Drive | No |
Sharing
Data should be shared by secure file sharing to specific people on a platform with enterprise-grade security.
Data should not be shared by email*, USB stick, hard drive, or third-party file-sharing websites.
We will look at how we share files for Digital Production in another article.
*Sending files or data as attachments via email may be a backup option if there is no other available method. Files protected with a unique strong password can be sent over email as a last resort. The password must be sent by an alternative channel of communication, e.g. mobile phone SMS text message, or verbally during a call. This maintains security in the event of an email system being compromised.
NEVER SEND DATA IN THE BODY OF AN EMAIL OR AS AN UNPROTECTED ATTACHMENT.