Data Safety and Encryption

Hi
I’m not sure if this question has been asked before and I couldn’t find an answer when I looked.
In the light of recent news about hacking of data (e.g. Talktalk), do we know if the user, customer, and supplier personal data stored on the Quickfile servers is encrypted? If the servers were ever attacked, albeit unlikely, would this data be safe?
I have a registration with the Data Protection Agency, and I am required to keep my customer’s data secure, but these are now passed on to Quickfile, and I need to be able to reassure myself and DPA (if I’m ever asked), that there is not a weakness here.
Regards, Richard Flower

This may be of interest to you:
http://community.quickfile.co.uk/t/data-security/9068

Thank you, that does seem to answer a related question about security of data communication between your servers and our browsers. But what about the actual data stored on the servers themselves, is that plain text or stored in encrypted form?

We store sensitive information on our database in an encrypted format, e.g. passwords and login credentials. We don’t store all information in an encrypted form and this is not necessary under the DPA. We do however go to great lengths to ensure that the data is kept secure and regularly audit our own systems.

We are also registered with the Information Commissioner’s Office (Reg: Z2597654).

Thank you Glenn,
Is encryption of client data something you might be considering? I understand, for example, that TalkTalk did not consider it necessary, but events seem to indicate otherwise.
I believe you are correct that it is not a requirement of DPA. However, I operate a server which contains sensitive customers’ data, protected in much the same ways as I’m sure yours are, and have made the decision to encrypt all client data, just in case the server were to be compromised.
I believe it is a worthwhile safety step.

It would be technically very difficult to do this. When you search for a client (or any other sort of textual search) it runs a query against a very large dataset that compares the partial search with the client names. If they were in an encrypted state the server would need to first decrypt millions of records before the query can be fulfilled. The performance overhead involved would be huge. With predictive searches it’s actually running a query with every key-press.

The best practice when it comes to securing data is to hash sensitive credentials like credit card numbers and passwords. We don’t hold any credit card details on our servers but we do hash all passwords we store.

From what I know the Talk Talk hack was due to a simple SQL Injection, this is a vulnerability that has been around for over a decade. It is very well documented and easy to protect against.

1 Like
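The two points made above, parameterised queries as the straightforward protection against SQL injection and salted hashing rather than reversible storage for passwords, are shown side by side in the added example below. This is illustrative code written for this thread, not QuickFile’s own code or schema: the `clients` table, the sample rows and the `' OR 1=1` probe string are all constructed here, and the database is an in-memory SQLite file so it runs offline.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data for the demonstration (not QuickFile's schema or data).
SAMPLE_CLIENTS = [
    ("Acme Ltd", "acme@example.invalid"),
    ("Bloggs & Co", "bloggs@example.invalid"),
    ("Talk Shop", "shop@example.invalid"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO clients (name, email) VALUES (?, ?)", SAMPLE_CLIENTS)
    return conn


def search_clients_vulnerable(conn, partial):
    """Predictive-search query built by string concatenation.

    The user's keystrokes are spliced straight into the SQL text, so a quote
    character in the input changes the structure of the query.
    """
    sql = "SELECT name FROM clients WHERE name LIKE '%" + partial + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_clients_safe(conn, partial):
    """The same search with a bound parameter.

    The driver sends the search text as data, never as part of the statement,
    so quotes and SQL keywords in the input are matched literally.
    """
    sql = "SELECT name FROM clients WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + partial + "%",))]


def hash_password(password, salt=None, iterations=200_000):
    """Salted, iterated PBKDF2-HMAC-SHA256.

    Only the salt, iteration count and digest are stored; the password itself
    cannot be recovered from them, which is the point of hashing rather than
    encrypting credentials.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, stored_digest):
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    conn = make_db()
    # An ordinary partial search behaves the same either way.
    print("vulnerable, 'Acme':", search_clients_vulnerable(conn, "Acme"))
    print("safe,       'Acme':", search_clients_safe(conn, "Acme"))
    # A constructed probe string: the concatenated query returns every row,
    # the parameterised query returns nothing because no name contains it.
    probe = "' OR 1=1 OR name LIKE '"
    print("vulnerable, probe :", search_clients_vulnerable(conn, probe))
    print("safe,       probe :", search_clients_safe(conn, probe))

    salt, iters, digest = hash_password("correct horse battery staple")
    print("verify correct:", verify_password("correct horse battery staple", salt, iters, digest))
    print("verify wrong  :", verify_password("wrong password", salt, iters, digest))
```

Running it shows the concatenated search returning all three rows for the probe while the parameterised search returns none, and the hashed password verifying only against the correct input. The same pattern applies to any database driver: bind every user-supplied value as a parameter, and store credentials only as salted hashes produced by a deliberately slow function.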

Hi Glenn,

As you say the encryption route is not a practical solution for all user data.

However, it is also generally accepted that protection from SQL Injection attacks can never be guaranteed to be safe.

We are currently in the process of developing a Multi-Tenant Data Architecture, which does guarantee that hackers will never be able to access other users’ data.
Is this something that you would consider doing?

Regards,
Vince Corbin

Going multi-tenanted would be a huge transition from where we are now; also the overhead of managing this would be much greater than running a centralised service. Things like Docker and application containers are still in their infancy (at least with .NET). There are also other considerations like licensing costs, maintenance and applying updates. Many of these problems will likely be solved in a few years, but it’s still a big pivot for a company like ours to make.

Also, I don’t think multi-tenanted solutions will fix things like SQL injection vulnerabilities: if there’s a bug in the code base it will exist on all instances of the application.

Just wanted to add my 2 cents to the discussion here as it may prove useful for other readers;

I think it’s prudent for all business owners to ask themselves on a regular basis:

What is the sensitivity of the data I am storing on system ‘X’, what is the impact of the data being available in the public domain and do I absolutely need to store all of it?


Depending on your answers to these questions, you’ll likely have some key actions:

If the sensitivity of the data you are holding in a system > the level of security controls in place on said system, then you need to take immediate steps to:

  • Relocate the data to a more secure system
  • Remove the data from the system

If the system has a duplication of data from an existing system (e.g. an in-house CRM with customer names & addresses), then you should consider steps to:

  • Remove the duplicate data from the system

Am I taking all necessary precautions to safeguard against unauthorised access and data loss?
You should consider steps to implement:

  • Complex, alphanumeric, unique passwords on all critical systems. In a previous life I worked for 13yrs in large IT consultancy firms as a systems engineer. The number of passwords and shared accounts which were detectable from spending 30secs at someone’s desk was very, very disturbing…
  • Two Factor Authentication (2FA) if the system allows it. The wider introduction of this technology over the last few years is a great step forward in my opinion and allows an extra level of protection against those people who follow the point above… but then write it down on a post-it and stick it to the keyboard… :frowning:
  • Local device encryption and protection: keep in mind not only the system you are accessing, but also the device from which it is connecting, etc.

As a TalkTalk business customer I am more than mildly annoyed :angry: that there has been a breach which was clearly avoidable, but reasonably assured that by reviewing the above I am ‘safe’ and our customers’ data is as protected as possible.


In answer to the OP’s post:

I would hazard a guess that potentially you’re storing more data than you probably need to in Quickfile.
Do I really need to store my full customers’ details in this system? Could I just capture the invoice numbers here and, using a reference number, tie them back to my own offline/more secure system, etc.?

Richy.

1 Like