The 10 best data security practices we follow at Arateg
Signing an NDA and engaging lawyers
We always start cooperation with signing a non-disclosure agreement.
Or mobile and web development company consults with lawyers on all
issues associated with documents in order to ensure proper
assignment of rights and intellectual property. Signing an NDA, we
provide our customers with data confidentiality.
Employing VPN connections
With a virtual private network (VPN), our software development
company encrypts data and provides a safe tunnel to transmit it.
Therefore, hackers are not able to obtain information about user
location and online activities.
Employing VPN connections for all the interactions with the
customer’s and our own infrastructure, we securely access tech
devices and computer systems even when working remotely during the
coronavirus pandemic. As our practise shows, the use of a VPN is one
of the most simple and effective ways to improve data security and
Using two-factor and multi-factor authentication
Multi-factor authentication (MFA) is one of the best data security
practices, which requires providing at least two credentials to
verify user identity, for example, passwords, location, codes sent
on mobile phones, fingerprints, hardware tokens, etc.
Here at Arateg, we use both 2FA (two-factor authentication) and MFA
to protect sensitive information. With multiple credentials, we keep
data safe even if one of the steps, say, a software engineer’s
password, is compromised.
Setting up robust passwords
Our team members use complex reliable passwords created with the
help of 1Password. This tool enables us to safely store numerous
credentials, prevent security breaches, and protect from phishing.
1Password works only in verified browsers and requires manual user
Using a secure online collaboration platform
We use Google Suite to perform a variety of tasks, from keeping
records and scheduling meetings to email communications. Google
Suite, or simply G Suite, comprises a set of cloud computing and
online collaboration tools, including Gmail, Hangouts, Calendar,
Drive, Google Docs, Sheets, Slides, Sites, and many others.
In G Suite, access to folders and documents is defined in such a way
that it is impossible to accidentally or intentionally leak
confidential data. The platform provides role-based access control,
one of the simplest and most effective ways to protect sensitive
information and ensure confidentiality.
custom application development company,
we set up strict permissions, so that only certain specialists can
view, comment, and/or edit documents.
G Suite is used by multiple world-famous companies, for example,
Nielsen, Colgate-Palmolive, Broadcom, MyRepublic, MediaNews Group,
Virgin Active, etc.
Making use of data encryption
To secure sensitive data, our specialists use software tools that
provide encryption. In our work, we mainly employ Slack, that
enables enterprise-grade data protection, message encryption, log
audit, identity and device management.
Additionally, we use WhatsApp private chats with E2EE (end-to-end
encryption) for information safety. This is one of the best data
security practices to prevent any leaks or breaches: in the
end-to-end system, only conversation participants have the keys to
code and decode messages. So, other parties won’t be able to read
Protecting against DDoS attacks
Distributed denial-of-service (DDoS) attacks are malicious attempts
of intruders to overload the targeted system, website, or devices by
accumulating a flood of traffic from numerous sources. The main
objective is to produce high loads or make the required service
Server crashes, a lot of spam, shutdowns are typical consequences
that companies have to cope with. DDoS can be compared with traffic
jams when it is difficult and time-consuming to arrive at the
Employing Cloudflare, Load Balancing, and other tools, our security
experts optimize traffic, minimize spam, and avoid any threats. By
providing high resistance, we prevent possible failures and ensure
seamless user experience.
Providing physical data protection
Physical access to our company is possible only through a special
key card. Thanks to an electronic system, we monitor a stream of
people, including everyone who enters or tries to enter our office,
as well as the time of arrival, departure, etc.
Training employees to secure sensitive data
All our specialists are trained to create robust passwords,
regularly change them, not use the same credentials for multiple
accounts, and employ secure applications for file sharing.
Our team members know what a phishing email is, which helps us
prevent ransomware. We use only trusted computer programs,
anti-virus products, and VPN connections to set up safe interactions
with our customers, partners, as well as in our software house.
Regularly holding security audits
A security audit is a set of proactive techniques and approaches,
which enables a company to detect existing vulnerabilities and avoid
data security risks. Carrying out regular audits for hardware and
software, we protect sensitive information and prevent any issues
before they are severe.
Sufficient password reliability, sufficient file activity auditing,
correct security configurations on all systems, the use of only
compliant software and licensed programs, consistent access control
lists (ACLs) on documents and folders are examples of those things
that we ensure during check-ups.
Furthermore, our experts test recovery plans and incident response
strategies while also enabling data retention. When necessary, we
connect with third-party security consultants, so that they check
out all the systems to exclude possible leaks and breaches.