TTE ADVISORY BOARD: Tips on Securing Your Data
October may be a spooky month for your horse when the wind kicks up and the imaginary ghosts take over the spooky corner of the ring - but it doesn’t have to be for keeping your data (and your horses’ information) safe. In the tech world, data is sacred and there are many bad actors that want to misuse and steal your data for monetary reasons. With personal data widely available online, we asked The Tech Equestrian board members two questions: 1) How does your company protect your subscribers’/customers’ data when they download your app or visit your website? and 2) What would you recommend equestrians do to protect their data and their horses’ data?
1) a. Extremely stringent access control policies and three-factor authentication practice for all dev ops credentialed team members.
b. Use single-provider cloud infrastructure with a proven track record in security.
c. Keep all infrastructure up to the latest version levels and use/deploy all optional security enhancements.
d. Protect keys with an encrypted key management system.
e. Put application code through an independent security audit with each new release.
2) a. Use an application’s overall quality as a barometer on their security. Glitchy apps usually come with glitchy security.
b. If an app does not have a quick and easy way to delete your data, it probably does not value it.
c. Watch for apps with a lot of 3rd party integrations. Apps that integrate with others lose data custody.
d. Remember the golden rule of using software products. “If you do not pay for the product then you (and your data) are the product.”
- Dave, mystride
The Piavet Platform is a secure place for equine practitioners to monitor patient health, share information with their team, and manage patient care. We protect not only our users' data, but also that of their patients and clients. As a rule, Piavita only collects data that is actually necessary and useful for the operation of the system. All data is transmitted via a secure SSL encryption and processed within the framework of the GDPR. The servers on which the data is stored are located in Germany and are subject to the strict regulations of the Data Protection Act. Data will not be passed on to third parties unless the customer explicitly agrees (e.g. when requesting a DiploVets Report). Passwords are not stored as plain text and are checked for password strength when assigned. There are a number of other technical securities in place, but in the spirit of this topic, it's best not to disclose them all!
You should always use unique, secure passwords wherever data is stored. And never use the same passwords for different platforms or services. If you worry that you can't remember them all, use a secure password manager such as Dashlane or LastPass. Enable two-factor authentication when available, never leave analogue data lying around, and do not disclose sensitive information by email or phone.
- Dorina, Piavita
We store our subscribers' info and data on a platform with top-notch data security - each app is isolated in its own environment to prevent security/stability issues; data is stored in separate access-controlled databases with SSL encryption and more; a vulnerability management process and protocols; and 3rd party security assessments. We upgrade our infrastructure as needed to take advantage of the security upgrades our providers install. We do not share user data with anyone, with the exception of 2 financial integrations that require the subscriber to give permission to push selected information to those financial services.
Do not share your username or password to any service with anyone. For example, StableSecretary enables subscribers to add team members so that each team member has a specific username and password and selected permissions. If a team member needs to be removed, the subscriber can easily delete the team member and access is automatically revoked. Also, remember to log out of applications if you are on a shared computer. Mostly, do a background check to make sure that you are using reputable software, and check their Privacy Policy and Terms of Service.
- Kate, StableSecretary