Part of the consideration of the General Data Protection Regulations is the security of the personal information stored electronically. Because Freethought is responsible for the security of the servers we operate and/or manage it is understandable that our customers wish to have an understanding of what security measures are in place for their consideration in their own privacy policies. However, security measures become less effective if we publish the exact details of how we secure our infrastructure, we will however provide a rough summary of what measures we have in place.
- Software firewalls are configured with a stringent set of rules to ensure that only legitimate traffic can access the server.
- The majority of services are behind hardware firewalls to provide a strong defence against attack.
- Login failure detection and other behavioural analysis techniques are used to automatically block IP addresses that attack the server or make repeated failed login attempts that could be an attempt to attack the server.
- On shared servers, customers are segregated from each other to prevent access to other customers data.
- Only SSH key authentication to servers is permitted to defend against the possibility of weak passwords.
- We enforce strict password requirements on the majority of our services.
- There are a number of other threat detection and mitigation solutions running on servers and infrastructure.
- Two-factor authentication is available on the Freethought customer portal.
It should be clarified however that in probably 99% of cases where websites, email, and databases are compromised they are done so via out of date software or weak web application passwords. Customers should view their own web application and passwords as the weakest point in the chain and far more likely to pose a risk to data security. Always keep software up to date, never use default usernames, always use very strong passwords that don't have dictionary words in them.
- Freethought urges you to seek independent legal advice on this matter, we make no guarantees as to the accuracy and applicability of the information provided.