The 10 best data security practices we follow at Arateg
1. Signing an NDA and engaging lawyers
We always start cooperation with signing a non-disclosure agreement.
Our mobile and web development company consults with lawyers on all
issues associated with documents in order to ensure proper
assignment of rights and intellectual property. By signing an NDA, we
provide our customers with data confidentiality.
2. Employing VPN connections
With a virtual private network (VPN), our software development
company encrypts data and provides a safe tunnel to transmit it.
Therefore, hackers are not able to obtain information about user
location and online activities.
Employing VPN connections for all the interactions with the
customer’s and our own infrastructure, we securely access tech
devices and computer systems even when working remotely during the
coronavirus pandemic. As our practice shows, the use of a VPN is one
of the simplest and most effective ways to improve data security and
privacy.
3. Using two-factor and multi-factor authentication
Multi-factor authentication (MFA) is one of the best data security
practices, which requires providing at least two credentials to
verify user identity, for example, passwords, location, codes sent
on mobile phones, fingerprints, hardware tokens, etc.
Here at Arateg, we use both 2FA (two-factor authentication) and MFA
to protect sensitive information. With multiple credentials, we keep
data safe even if one of the steps, say, a software engineer’s
password, is compromised.
4. Setting up robust passwords
Our team members use complex, reliable passwords created with the
help of 1Password. This tool enables us to safely store numerous
credentials, prevent security breaches, and protect from phishing.
1Password works only in verified browsers and requires manual user
input.
5. Using a secure online collaboration platform
We use Google Suite to perform a variety of tasks, from keeping
records and scheduling meetings to email communications. Google
Suite, or simply G Suite, comprises a set of cloud computing and
online collaboration tools, including Gmail, Hangouts, Calendar,
Drive, Google Docs, Sheets, Slides, Sites, and many others.
In G Suite, access to folders and documents is defined in such a way
that it is impossible to accidentally or intentionally leak
confidential data. The platform provides role-based access control,
one of the simplest and most effective ways to protect sensitive
information and ensure confidentiality.
In our custom application development company, we set up strict
permissions, so that only certain specialists can view, comment,
and/or edit documents.
G Suite is used by multiple world-famous companies, for example,
Nielsen, Colgate-Palmolive, Broadcom, MyRepublic, MediaNews Group,
Virgin Active, etc.
6. Making use of data encryption
To secure sensitive data, our specialists use software tools that
provide encryption. In our work, we mainly employ Slack, which
enables enterprise-grade data protection, message encryption, log
audit, and identity and device management.
Additionally, we use WhatsApp private chats with E2EE (end-to-end
encryption) for information safety. This is one of the best data
security practices to prevent any leaks or breaches: in the
end-to-end system, only conversation participants have the keys to
encrypt and decrypt messages, so other parties won’t be able to read
them.
7. Protecting against DDoS attacks
Distributed denial-of-service (DDoS) attacks are malicious attempts
by intruders to overload the targeted system, website, or devices by
accumulating a flood of traffic from numerous sources. The main
objective is to produce high loads or make the required service
unavailable.
Server crashes, a lot of spam, and shutdowns are typical consequences
that companies have to cope with. DDoS can be compared with traffic
jams when it is difficult and time-consuming to arrive at the
necessary destination.
Employing Cloudflare, Load Balancing, and other tools, our security
experts optimize traffic, minimize spam, and avoid any threats. By
providing high resistance, we prevent possible failures and ensure
seamless user experience.
8. Providing physical data protection
Physical access to our company is possible only through a special
key card. Thanks to an electronic system, we monitor a stream of
people, including everyone who enters or tries to enter our office,
as well as the time of arrival, departure, etc.
9. Training employees to secure sensitive data
All our specialists are trained to create robust passwords,
regularly change them, not use the same credentials for multiple
accounts, and employ secure applications for file sharing.
Our team members know what a phishing email is, which helps us
prevent ransomware. We use only trusted computer programs,
anti-virus products, and VPN connections to set up safe interactions
with our customers and partners, as well as within our software house.
10. Regularly holding security audits
A security audit is a set of proactive techniques and approaches,
which enables a company to detect existing vulnerabilities and avoid
data security risks. Carrying out regular audits for hardware and
software, we protect sensitive information and prevent any issues
before they become severe.
Sufficient password reliability, sufficient file activity auditing,
correct security configurations on all systems, the use of only
compliant software and licensed programs, and consistent access
control lists (ACLs) on documents and folders are examples of what
we ensure during check-ups.
Furthermore, our experts test recovery plans and incident response
strategies while also enabling data retention. When necessary, we
connect with third-party security consultants, so that they check
out all the systems to exclude possible leaks and breaches.