Let’s Talk Security!

16 May
With the recent cyber attack that has hit numerous organizations in the UK, most notably the NHS, cyber security is on everyone’s lips. We briefly caught up with Simon, our security chief, to get some words of reassurance!

1. What kind of security measures do freewebstore take?

We monitor our systems, logs and firewalls constantly, scanning for malicious activity.  Automated systems are in place to block any bad actors, and do so regularly.  Keeping our store owners and their customers safe is the Security Team’s top priority.

 

2. Will the latest cyber attack impact our store owners?

Not at all.  Our servers use the latest operating systems and are kept fully patched.  We remain on High Alert for the time being though, just in case.

3. What can I, as a store owner, do to minimize an attack?

As far as your store is concerned, you don’t need to do anything; that’s the beauty of freewebstore! Leave the technical stuff to us, so you can focus on running your business. For the computers you use daily, I’d recommend that you keep them up to date with the latest patches (Windows Update, etc.) and try to run the latest version of your operating system where possible – especially if it was released more than 5 years ago. You should also run a modern browser, such as Google Chrome or Mozilla Firefox, which automatically keep themselves up to date.

Phew! Thanks, Simon…

A little bit more information on our store security can be seen below!

Are freewebstore PCI compliant?

Yes. Security is of paramount importance to us and we take PCI compliance very seriously. Freewebstore undergoes annual assessments to validate our compliance. Continuous evaluation and risk assessment ensure that PCI compliance is at the heart of what we do.

We’ve partnered up with Braintree to provide a secure environment that goes above and beyond industry standards and guidelines:

Braintree – https://www.braintreepayments.com/developers/security

Prohibited Data Storage

We never store raw magnetic stripe, card validation code (CAV2, CID, CVC2, CVV2), or PIN block data.

Data Encryption

Cardholder data is stored using one of the most advanced encryption methods available. Multiple encryption keys are stored on different physical servers. A data thief would not be able to make use of information stolen from a database without also having the key. The data store where cardholder data is kept cannot be connected to via the internet.

Authentication and Session Management

All users have to authenticate each time they use the application and inactive sessions time out after 2 hours. Passwords are never stored directly in the database. In addition, all communication between merchants and us is conducted in a secure fashion using TLS (Transport Layer Security).

Penetration Testing

At least quarterly, automated vulnerability scans are conducted on our Card Data Environment. In addition, at least once a year we have extended external penetration testing conducted by outside sources.

Securing Access

Our network has been set up in a secure fashion with minimal access to outside networks. Only VPN access is allowed to our servers from whitelisted IPs.

If you want any more information on this please contact our team at support@freewebstore.com.
