Here at Ballyhoo, we take security seriously. Not only should every business practice good security, but as we have lots of clients relying on us, security is paramount.
Here are a few ways that we stay secure, giving our clients peace of mind.
How We Keep Our Clients Safe
We use password software to keep all of our passwords safe – for both our internal business operations and our clients’ websites. This works by keeping passwords in a database, which is locked with a master key. This key is not kept on site at our HQ, and the master key is updated frequently. All files and passwords are encrypted using industry standard algorithms, making them inaccessible to others.
If you are one of our clients, chances are you’ve heard us asking you for your authorised contacts. Authorised contacts are users that are allowed to ask for website changes and make requests.
Our CRM is updated frequently with these contacts, ensuring that only authorised contacts can make requests for your website or marketing campaigns. What’s more, we ask you to kindly inform us if any of your authorised contacts leave employment, so that we can remove them.
Our Green certified hosting has security at the heart of it. Our server has a firewall, and can only be accessed if a user is granted permission, with certain rules set up that users must meet. What’s more, we have an uptime monitoring system to ensure that websites suffer minimal downtime.
We also have tools in place to actively monitor traffic and look for suspicious behaviour. Any connected parties behaving badly will be temporarily then permanently banned from accessing our platform.
We have two-factor authentication (2FA) set up on our devices and accounts, giving us that extra wall of security for users to get through to login. We advise all of our clients (and everyone in general!) to set up 2FA on all of your accounts and profiles across the web that offer it.
We are on a private network, and even though we are in a serviced building, we have a dedicated router that our devices go through. This gives us another layer of security, and allows us to have a company firmware activated.
We completed a full GDPR audit that was set up in 2016 when the law came into force, and all policies are reviewed annually.
Destruction of Records
Physical records are only kept by extent of the law and these are then destroyed securely, with destruction certificates provided. Our hardware in the office is also destroyed by a third-party eco service – including computers, company phones and more.
We use Google Drive to store our files and make use of Shared Drive to organise access. We regularly update permissions to ensure that only relevant team members have access to files, and ensure that any files shared outside the organisation are reviewed frequently.
As standard, we require all websites that we create or host to have an SSL certificate. SSL certificates allow users to browse and use your website securely. An SSL certificate encrypts communicated data that you and your website are using – such as when a user fills out a contact form. This means that all information will be encoded, so that other people (hackers) cannot make sense of the information even if they were to manage to intercept it.
We have years of experience with SSL certificates, and we also have the ability to use extended SSL certificates that give features beyond the standard certificate.
Secure Card Payments
Clients can pay our invoices by card online using Stripe, or can set up direct debits via GoCardless. We do not have access to card or bank details nor do we store them.
Work With a Security Focused Agency
Working with Ballyhoo has lots of positives, including that you can be reassured and have peace of mind about security and protection. Contact us now to work with us.