Multiple Layers of Security
While we designed Encyro from the ground up for ease of use, we also made sure to incorporate the latest and greatest security safeguards. Rest assured that your sensitive data sent or received using Encyro is protected using a formidable suite of advanced security techniques.
Encyro uses multiple layers of security to protect your data:
Infrastructure (Servers, Data Center, and Network) Security
- Encyro’s system is hosted in security-certified data centers, approved for storing financial data subject to the Sarbanes-Oxley Act, HIPAA privacy requirements, and other compliance needs.
- Encryption in transit: Encryption is enforced on all network connections, from your device to our server, our server to client devices, and all connections within our internal network. This protects data from eavesdropping throughout the system.
- All servers, databases and storage networks are protected with independent firewalls.
- Encryption at rest: All data is backed up with encryption 3 times within each data center.
- Encryption at rest: Data is also backed up at one or more distant data centers for protection against major disasters. Remote backups are also encrypted.
- Automated Threat Detection: Real-time automated threat detection using sophisticated continuous security and activity assessments is employed, with real-time alerts sent to our operations team.
- Server software is automatically managed for regular operating system updates and security patches.
- Malware detection: Periodic malware scans are used to detect the presence of malware in user-uploaded data.
Secure Software Design, Implementation and Operation
- Encyro uses multi-key encryption. A separate key is used for sending data to each user each time. Keys used within the data center never leave the data center and are never used for transmitting data across the Internet.
- Our software design uses many advanced security techniques including user input transformation to safeguard against SQL Injection attacks, brute force login detection and lockouts, and bot detection methods.
- Automated monitoring rapidly detects any anomalous behavior, including if the website is slow, and alerts our team. Serious alerts are sent directly to the CEO, demonstrating our commitment to exemplary service.
- Our software developers use secure software development techniques throughout the software development lifecycle. These include best practices such as not storing passwords or credentials in software repositories, using encryption on development workstations, and applying the principle of least privilege (POLP).
- Software development uses sandboxed server environments and does not use actual customer data from production environments.
- External penetration testing, threat model reviews and vulnerability scans are employed on an as-needed basis to continually evaluate requirements for additional security safeguards.
Organizational Security
- All data center access is restricted to a limited set of personnel and requires complex passwords that must be changed periodically. Access to production environments containing actual customer data is strictly restricted to a small number of security-trained individuals and all access is logged.
- Our personnel recruitment uses the Office of the Inspector General for known fraud information and requires rigorous background checks.
- While we constantly evolve our software to add new capabilities, every change is managed through a security compliance process. All software development happens on sandboxed servers with dummy data. Trusted senior personnel review and migrate changes to the production system after individually verifying them.
- Internal security policies are maintained for various key aspects of organizational operations, including emergency and disaster response procedures.
Making Security Easy
Being easy to use, Encyro helps enhance security for all its users as well.
- Because it is easy for others to send you secure documents using Encyro, they are less likely to avoid using the secure method and revert to email. Use the Encyro upload page to receive securely from others who are not Encyro users, as explained here.
- The Encyro user interface makes it difficult for an attacker to pose as someone else. The IRS reported a scam where attackers send an email that appears to be from a company’s executive asking the payroll professional for the employee W-2 records. Email programs often display the sender’s name and not the email address, making it easy to confuse a fake sender with a genuine one. With Encyro, if a message comes from a different sender, even with the same name, it always appears in a new folder, so it is more difficult to confuse with a previously known contact.
- Read more about how Encyro makes it easy to safeguard your electronic communications.
You can start benefiting from Encyro’s security expertise through your own free account.