Digital networks are a key enabler in the outsourcing of business activities. They significantly enhance our ability to communicate, share, store information and connect with our clients. But just as new technologies bring new capabilities, they also bring an increased risk of data disclosure.
This reality means we consistently review our data security measures, and one of the things we did recently was make investments in the Cyber Essentials scheme to check we were undertaking the key security steps which cover the common cyber threats.
Cyber Essentials is a UK government backed cyber security certification scheme that sets out a good baseline of cyber security.
The scheme addresses five key controls (as listed below), which when implemented correctly can prevent 80% of cyber-attacks.
Controls tested by the Cyber essentials scheme:
- Boundary firewall and gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Testing of our controls was done by a UK government approved professional ethical hacker who tried penetration testing from both inside and outside of our Skipton office network. We are glad to announce that we have passed the audit and are now certified at Cyber Essentials Plus level.
QX’s Global security strategy and mind-set
The Cyber Essentials scheme is just one of the things we have done to demonstrate the lengths we go to secure our client’s data. As part of our approach to data privacy and information security QX already has the following measures in place:
- Secure management systems - ISO 27001:2015 for security and 9001:2013 quality management standards
- Physical storage - highly restrictive, access-limited servers within a state-of-the-art data centre
- SSL encryption - all your interactions secured via a bank-grade 256-bit SSL encryption
- Compliant with the UK Data Protection Act 1998 and moving towards GDPR compliance
- Need to know basis - data can only be accessed by as few people as is necessary to complete the job
- Secure client login
- Firewall defences
- Antivirus and anti-malware software (server, endpoint, gateway)
- 24/7 manned entry points
- Daily server backup
- Biometric systems
- Disabled USB ports
- Clear desk policies
- Limited internet access
- Continuously monitored web-access
- Disaster recovery program
We have already started work on getting the Cyber Essentials Basic (external scan) for the India office. We will keep you posted. In the meantime watch these 3-minute films to understand our infrastructure and security capabilities