Digital Data Protection at Patriot Software
May 2, 2019
Our digital security philosophy is one of limited access, ongoing education, and proactive testing to ensure protection for our customers and ourselves. We take security seriously, which is why you’ll always see an HTTPS connection when you’re logged in with Patriot Software. Other ways we keep you safe are:
Handling of Sensitive Data
All core, sensitive customer data is encrypted both in transit and at rest. Sensitive data (Social Security numbers, bank account numbers, credit card numbers, and customer passwords) is encrypted in our database, which protects it while at rest. We use AES (Advanced Encryption Standard) encryption with a 256-bit key size to encrypt the data at rest.
Sensitive data is masked in our in-house CRM (Customer Relationship Management) software. Social Security numbers, bank account numbers, credit card numbers, and customer passwords are not viewable by internal users.
Infrastructure and Access
Our software stack and infrastructure currently run on Amazon Web Services, where we restrict access to production servers and databases to core development and system administrator staff only. Access to our systems is monitored and logged.
We make regular, daily backups of all customer data, and then we replicate that data to a secured, onsite location. Additionally, we use Iron Mountain, a secured data storage facility, to indefinitely store encrypted backup data.
Our staff are continuously trained on the latest threats
Inevitably, the weakest part of any security system will be the people. We address this by having all staff enrolled in continuous security, phishing, and data protection training, administered by Wombat Security Technologies. Internal phishing campaigns are conducted at random times throughout the year, and employee digital security awareness is monitored so we can give supplemental training if need be.
Our staff and development team work out of our Canton, Ohio, office building. Access to our building is monitored and managed via physical ID badges, which are required to be worn at all times by all staff. Doors to the building remain locked at all times.
Password Management and Two-Factor Authentication
Two-Factor Authentication is enforced for every work account, including Google Apps, GitHub (where we store our source code), and LastPass. Our company utilizes LastPass Enterprise, which centralizes, encrypts, and obfuscates sensitive login credentials between groups, while allowing us to monitor overall company credential strength.
Redundancy for core systems
Our infrastructure takes advantage of the redundancy provided by Amazon Web Services to ensure that backup systems are at the ready to take over, should something happen.
We monitor and address threats before they happen
Our company contracts SecureState LLC, a global management consulting firm focused on information security, to perform annual internal and external penetration testing on our applications, services, and infrastructure. In addition to penetration testing, this consulting firm also serves as a year-round consultant for security-related matters at Patriot Software.
Monitoring and Threat Detection
We utilize best-in-class security infrastructure and services, which allow for detailed logging and control over aspects such as rate limiting, IP blacklisting, traffic monitoring, and automated error reporting. Additionally, all incoming and outgoing application traffic is served over the HTTPS protocol (secure connection). Access to our databases and web servers is monitored and restricted to a small group of our development staff who need it, and customer-related login information is stored encrypted in our database.