Privacy Notice: Is it safe, is it secure?
It is your data and therefore you need to keep it safe. The other elements of our Privacy Notice will identify who we are, why we’re processing data, what does that mean and reminds you of your rights.
We are a communications and cyber security solutions provider so it would be a bit daft if we didn’t deploy the solutions internally that we propose our customers should use.
Communications:
Email - Cloud Service:
This encryption happens as it is written to disk with distinct encryption keys using 128-bit or stronger Advanced Encryption Standard (AES). This encryption takes place between Incommsec and the email provider’s server infrastructure.
Telephony - Mobiles
Personal data is not accessed from any device other than customer’s or prospective customer’s telephone details for the purpose of calling. Devices are encrypted using the manufacturers password, and/or biometric security.
Encryption:
PC Device Encryption:
Full-disk encryption using XTS-AES-128 encryption with a 256-bit key preventing unauthorised access to the information the device. Encryption occurs in the background, new files that are created are automatically encrypted as they are saved to disk.
Email Encryption:
When personal data is sent via email we require it is encrypted this includes the body of the text and any attachments. The solution utilises identity based AES 256-bit encryption using FIPS 140-2 approved cryptographic libraries. This provides the highest level of security for complete end to end data exchange
AV, Anti-Malware & Back-up:
AV & AntiMalware:
We use four independent solutions as a means of multiple defence as we believe no one solution is 100% effective. All four are set to monitor continuously. Operating at the domain level filtering email traffic in and outbound, at the endpoint for standard AV and at the endpoint and network for anti malware.
Back up:
Data is backed up to a cloud solution that allows offsite DR and BCP delivery. We are able to monitor cloud storage activity, identify removable media, audit trail for activity and add context to exfiltration alerts.
Review:
Technology is ever evolving and we may add/remove solutions as and when it becomes apparent that a better practice if available. Our review process is monthly and part of our GDPR compliance programme.