How Secure is Datawash Processes?

Published on 2020-08-14 13:27:05
4 min read
Data protection is a necessity for every organisation that expects to stay in business.  At Datawash, given the nature of the database related services we offer, data security is a vital element of our existence.  As the incidence of troubles such as phishing scams, spyware, ransomware has increased globally, at Datawash we make every effort to remain on top of the data protection best-practices at all times. We value the security of our clients' data extremely highly.  To do so, we adhere to the following security measures:
    1.    Secure Sockets Layer (SSL) Certification and Proprietary Encryption.
SSL is a security technology that is generally employed to secure server to browser operations and processes.  This includes the securing of any information passed by a browser (such as a password or sensitive information) to a web server (such as an online portal or an online store).  All confidential data uploaded to or downloaded from the Datawash portal is protected by SSL Certification and proprietary encryption.
  1.     Client data retention
Keeping files too long on a server can be just as dangerous than not keeping them long enough.  At Datawash, no client data is shared with other parties and we set our expiration dates on files in our server not more than 7 working days to ensure files do not hang around longer than intended. This means we delete files from our server within 7 working days of processing with written confirmation of its purging sent to our clients.
  1.     No Cloud systems
You are the only one who must allow others to access your data.  If your data is on the cloud, it is impossible to know just how protected it is and be sure no one can access it when you don't maintain the server it is stored on.  According to the 2019 SANS State of Cloud Security survey, 19% of survey respondents reported an increase in unauthorised access by outsiders into cloud environments or cloud assets, up 7% since 2017.  For these reasons, at Datawash, we do not use cloud systems in any manner.  Our clients' data resides on a single machine/server during and after processing.

  1.     Limited access to portal and data
Protection of data is required by Australian Privacy law.  This prevents potential liability, severe negative publicity and long-term loss of critical services, data tampering, and/or legal action against Datawash.  As such, access to our internal data as well as our clients' data are only permitted on a need basis.  That is, access is limited to only few staff members with a business need to access.  Non- employees and third parties must provide written request to the director's approval prior to access.  Exceptions are made to State and Federal agencies.  We use permissions built into our system to limit access to our portal.  When a staff member leaves Datawash, we make sure access to any of their assigned portals is removed. In addition, we essentially delete inactive users of our portal as quickly as possible.
  1.     Encryption, Password and Virus protection
A major challenge of data storage security is blocking intruders from accessing important storage facilities. At Datawash, we believe using encryption when sending and receiving information is not enough.  We encrypt all files even when not being accessed and we store our encrypted files behind secure firewalls and ensure all incoming and outgoing files are scanned for viruses before they are stored or transmitted. 
  1.     Our Privacy Policy
Datawash services are governed by and adhered to Federal Government's Australian Privacy Act.  We regularly update our data security and privacy policies and frequently train our staff on Privacy and Security Policies.  We also recognise that no single office, policy, or procedure provides absolute security, therefore, all our employees and authorised users of our information systems are responsible for minimising risks and securing information assets within their control.
  1.     Onsite Processing
We appreciate that some of our clients are unable to use portals due to their stringent internal policies.  To ensure they gain access to our services and enjoy the benefits, we offer a service where we visit the clients’ premises to clean and update their customer files under their direct supervision.  This replaces the uploading to and downloading from the Datawash portal.
Our online and offline security measures have been tested successfully over the years of our operation.  All in all, we at Datawash understand the value of your database and what it means to you as a client.  We have stringent and robust tools, processes and procedures built into our service offerings to confidently protect your most important assets being your database and customers and in doing so, we help support your brand and your ability to continue to grow your revenue.