Security Measures
SUMMARY
SmartPractice uses advanced Dedicated Servers available from 1-Grid. 1-Grid is a leading hosting company in South Africa and serves numerous large corporates in South Africa and overseas.
• Managed Servers: Data is backed up daily using specific backup software. Five backups are kept.
• End-to-end encryption: SmartPractice uses Comodo security to encrypt data. Users will notice that the letters https appear in front of the URL. That indicates that the user is in a secure environment. Data transmitted from the browser to the server is encrypted and useless to hackers. See below for more information on SSL certification.
• Anti-Virus: SmartPractice uses ESET File Server Security to protect the servers from viruses, malware and ransomware. ESET is renowned as one of the best antivirus systems and is used by corporates like Honda, Canon and Allianz. See below for more information on ESET.
• Separate data tables for each client: This means that each profile has its own separate space on the server, and only users with the necessary authentication, i.e. staff who have been created as users, can access the files for upload or download. There is no shared database.
HOW SSL/TLS ENCRYPTION WORKS
Secure Sockets Layer (SSL) technology protects transactions between your website and its visitors. The protocol uses a third party, a Certificate Authority (CA), to identify one or both ends of the transaction. In short, this is how it works. A browser requests a secure page (usually https://). Once the secure transaction is initiated, the web server sends its public key with its certificate. The browser checks that the certificate was issued by a trusted party (usually a trusted CA such as COMODO), that the certificate is still valid and that the certificate is related to the site contacted. The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server, together with the encrypted URL requested and other encrypted HTTP data. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data. The web server sends back the requested HTML document and HTTP data encrypted with the symmetric key. The browser decrypts the HTTP data and HTML document using the symmetric key and displays the information. In addition to encryption security, SSL certificates give website visitors important visual cues that they are in a secure environment.
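The certificate checks described above (still valid, related to the site contacted) can be sketched as follows. This is an added example, not SmartPractice's code: the certificate is a constructed sample in the dict form returned by Python's ssl.SSLSocket.getpeercert(), the helper names are hypothetical, and the trusted-issuer check is left to the ssl module's default context.

```python
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "app.example.test"),),),
    "issuer": ((("organizationName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "app.example.test"), ("DNS", "*.cdn.example.test")),
}

def name_matches(pattern, host):
    """Match one DNS name entry; a wildcard covers exactly one left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.test" never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_cert(cert, host, now):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()  # 'now' is a timezone-aware datetime
    if ts < start:
        problems.append("not yet valid")
    elif ts > end:
        problems.append("expired")
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(s, host) for s in sans):
        problems.append("hostname mismatch")
    return problems

def strict_context():
    """Client context in which the ssl module itself enforces the trusted-CA,
    validity-period and hostname checks during the handshake."""
    return ssl.create_default_context()  # uses the system trust store
```

In production code the handshake performed through strict_context() does all three checks; check_cert() is useful for monitoring, for example flagging a certificate that is about to expire.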
ESET ANTIVIRUS
• Ransomware prevention
• Zero-day threats detection
• Data breaches prevention
• Botnet protection
MULTILAYERED DEFENSE
A single layer of defence isn't sufficient in today's constantly evolving threat landscape. All ESET endpoint products have the ability to detect malware pre-execution, during execution and post execution. An additional layer can be implemented in the form of cloud sandbox analysis with ESET Dynamic Threat Defence. By focusing not just on a specific part of the malware lifecycle, this allows ESET to provide the highest level of protection possible.
MANAGEMENT SERVER
ESET File Security solutions are managed from a single pane of glass that can be installed on Windows or Linux. In addition to installation, ESET has a virtual appliance that you can simply import for quick and easy setup.
MACHINE LEARNING
All ESET products currently use machine learning in conjunction with all of our other layers of defence and have done so since 1997. Specifically, machine learning is used in the form of consolidated output and neural networks.
COMPLIANCE WITH THE PROTECTION OF PERSONAL INFORMATION ACT (POPI)
The most affected industries are financial services, healthcare and marketing, but due to its broad scope the accounting industry is also affected by the Act. We have been meticulous in ensuring our platform is compliant with the Act, particularly in relation to the security of data.
The biggest impact is on organisations that process lots of personal information, especially special personal information, children’s information and account numbers. As accountants in practice, we process personal information daily and as such we are responsible for complying with the conditions. There are eight general conditions and three extra conditions summarised here: http://www.lexisnexis.co.za/pdf/POPI-Infographic.pdf
Our platform offers an opportunity to comply easily with the POPI Act. Please contact us with any POPI Act concerns: enquiries@smartpractice.co.za
