The Ultimate Security Checklist

Robert Leefmans
Apr 19 2021
Posted in Best Practices

Here's the Ultimate Security Checklist for your Customer Engagement platform

Every year we send out a Privacy and Security Compliance Check to our clients as a reminder to update their essential security settings. Yet, security is not something to check only once a year; that's why we've created the Ultimate Security Checklist for you and your team.

Using this comprehensive checklist, you can regularly check whether all your dashboard's settings are still in line with the current standards, law, and company policies.

  1. Secure your login
    When logging in to the Notificare Dashboard, all accounts are required by default to set up Two-Factor Authentication (2FA). 2FA adds an extra layer of security to your accounts: it requires an additional credential – beyond just the username and password – to gain account access, and obtaining that second credential requires something that only you possess, like your smartphone. Using an authenticator app also discourages sharing an account's login credentials, because access is tied to a person rather than to a password that can be passed around. 2FA is enforced for all Notificare accounts.

    In addition, you can enable a Password Policy. This step will offer yet another layer of protection by forcing all accounts to change their password every 45 days. When you enable Password Policy from the app's owner account, all other accounts you share your apps with will inherit this policy.

  2. Get your IP Whitelisted
    Besides adding these extra layers of security to the dashboard's interface, you can also add an extra layer of protection to all the back-end apps that use our REST API. Ideally, you create dedicated accounts, with a limited level of access to your apps, whose sole purpose is to access our REST API. Back-end apps can then use these accounts' API Keys to call the Notificare REST API for operations such as creating campaigns or importing and exporting data. IP Whitelisting these accounts guarantees that these apps can only access your data from a specific location.
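    To make the mechanism concrete, here is an added illustration of how a server enforces an IP allowlist bound to API-key accounts. It is example code written for this post, not Notificare's implementation: the account names, keys, CIDR blocks, the trusted-proxy range and the helper names (`authorize`, `client_ip`, `unrestricted_accounts`) are all constructed. It also shows the one caveat that matters in practice: the address checked must be the real connection peer (or a header from a proxy you trust), never a client-supplied header taken at face value.

```python
"""Added illustration of an IP allowlist bound to API-key accounts.

Example code, not Notificare's implementation; every account, key and
address below is constructed (RFC 5737 / RFC 3849 documentation ranges).
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


@dataclass
class ApiAccount:
    name: str
    # CIDR blocks this account's API key may be used from; empty = unrestricted
    allowed_networks: List[str] = field(default_factory=list)


# Constructed sample accounts, keyed by their (constructed) API key
ACCOUNTS: Dict[str, ApiAccount] = {
    "key-campaign-importer": ApiAccount("campaign-importer", ["203.0.113.0/24"]),
    "key-reporting-export": ApiAccount("reporting-export", ["198.51.100.7/32", "2001:db8::/48"]),
    "key-legacy-job": ApiAccount("legacy-job"),  # never whitelisted
}

# Reverse proxies whose X-Forwarded-For header we trust (constructed range)
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def client_ip(peer_addr: str, forwarded_for: Optional[str]) -> IPAddress:
    """Decide which address is subject to the allowlist check.

    X-Forwarded-For is only honoured when the TCP peer is a trusted proxy;
    the same header arriving directly from an untrusted peer is ignored,
    otherwise a caller could simply claim an allowed address."""
    peer = ipaddress.ip_address(peer_addr)
    if forwarded_for and any(peer in net for net in TRUSTED_PROXIES):
        # leftmost entry is the original client as seen by the first proxy
        return ipaddress.ip_address(forwarded_for.split(",")[0].strip())
    return peer


def authorize(api_key: str, peer_addr: str, forwarded_for: Optional[str] = None) -> Tuple[bool, str]:
    """Return (allowed, reason) for one API request."""
    account = ACCOUNTS.get(api_key)
    if account is None:
        return False, "unknown API key"
    try:
        ip = client_ip(peer_addr, forwarded_for)
    except ValueError:
        return False, "unparseable source address"
    if not account.allowed_networks:
        # Mirrors the situation the checklist warns about: no allowlist, key usable from anywhere
        return True, f"{account.name}: no allowlist, accepted from {ip}"
    for cidr in account.allowed_networks:
        # an IPv4 address is never contained in an IPv6 network and vice versa
        if ip in ipaddress.ip_network(cidr, strict=False):
            return True, f"{account.name}: {ip} matches {cidr}"
    return False, f"{account.name}: {ip} is not in the allowlist"


def unrestricted_accounts() -> List[str]:
    """Checklist helper: accounts whose API key can still be used from anywhere."""
    return sorted(a.name for a in ACCOUNTS.values() if not a.allowed_networks)


if __name__ == "__main__":
    for key, peer, xff in [
        ("key-campaign-importer", "203.0.113.42", None),
        ("key-campaign-importer", "192.0.2.9", "203.0.113.42"),  # header from untrusted peer
        ("key-campaign-importer", "10.1.2.3", "203.0.113.42"),   # same header via trusted proxy
        ("key-reporting-export", "2001:db8:0:1::10", None),
        ("key-legacy-job", "192.0.2.200", None),
    ]:
        print(key, peer, xff, "->", authorize(key, peer, xff))
    print("accounts still without an allowlist:", unrestricted_accounts())
```

    The `unrestricted_accounts` report is the part that belongs on a checklist: it surfaces every API account whose key is not yet pinned to a location.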

  3. Set Data Retention Policies
    To be compliant with your internal data retention policies and with the GDPR, the Notificare Dashboard lets you configure retention settings for each type of data you store for an application in the platform. The Data Retention settings can be found in the Settings menu of your apps.

    If you have not configured these settings yet, the dashboard shows a warning asking you to accept the default of 730 days (2 years) or change it according to your needs. All data older than the thresholds you define will be discarded.
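    The following is an added example, not code from Notificare, showing how per-type retention thresholds with a 730-day default are applied to stored records: each record is aged against the threshold for its own data type, and anything older is selected for discarding. The data types, the override values and the sample records are constructed for the illustration; only the 730-day default comes from the post.

```python
"""Added illustration of per-data-type retention thresholds (730-day default).

Example code, not Notificare's implementation; the data types, override
values and sample records are constructed.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

DEFAULT_RETENTION_DAYS = 730  # the dashboard default stated in the post (2 years)

# Constructed policy: per-type overrides; any other type falls back to the default
RETENTION_DAYS: Dict[str, int] = {
    "event": 90,
    "message_log": 365,
}


def retention_for(data_type: str) -> int:
    """Threshold in days for a data type, falling back to the default."""
    days = RETENTION_DAYS.get(data_type, DEFAULT_RETENTION_DAYS)
    if days <= 0:
        raise ValueError(f"retention for {data_type!r} must be positive")
    return days


def partition(records: List[dict], now: datetime) -> Tuple[List[dict], List[dict]]:
    """Split records into (keep, discard) by age against their type's threshold.

    All timestamps must be timezone-aware; mixing naive and aware datetimes
    would silently compare the wrong instants or raise on comparison."""
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    keep, discard = [], []
    for rec in records:
        created = rec["created_at"]
        if created.tzinfo is None:
            raise ValueError(f"record {rec['id']} has a naive timestamp")
        if now - created > timedelta(days=retention_for(rec["type"])):
            discard.append(rec)
        else:
            keep.append(rec)
    return keep, discard


# Constructed sample data, aged relative to a fixed "now"
NOW = datetime(2021, 4, 19, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"id": "d1", "type": "device", "created_at": NOW - timedelta(days=800)},       # > 730: discard
    {"id": "d2", "type": "device", "created_at": NOW - timedelta(days=100)},       # keep
    {"id": "e1", "type": "event", "created_at": NOW - timedelta(days=100)},        # > 90: discard
    {"id": "m1", "type": "message_log", "created_at": NOW - timedelta(days=200)},  # keep
    {"id": "m2", "type": "message_log", "created_at": NOW - timedelta(days=400)},  # > 365: discard
]


def discard_ids(records: List[dict], now: datetime) -> List[str]:
    """Convenience wrapper returning only the ids selected for discarding."""
    return [r["id"] for r in partition(records, now)[1]]


if __name__ == "__main__":
    keep, discard = partition(SAMPLE_RECORDS, NOW)
    print("keep:   ", [r["id"] for r in keep])
    print("discard:", [r["id"] for r in discard])
```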

  4. Sign the DPA
    The Data Processing Agreement (DPA) is a mandatory part of the GDPR and describes who is responsible for processing personal data. Notificare can arrange a tailor-made document, but in general it is easier, and sufficient, to use the Self-Signed DPA. All you have to do is open the dashboard, go to Your Account > Legal, click the New Document button and pick Data Processing Agreement. Sign this DPA and return it to us; we will then make sure that the signed document appears in the dashboard for your reference.

  5. Update Legal Contacts
    In the Notificare Dashboard, there is a section where you can update your contact information. With an up-to-date list of contacts, Notificare's Support Engineers know exactly whom to contact if needed. Keep this list current so that you are informed of issues and incidents without delay. Go to Your Account > Contacts, select New Contact, and fill in your Primary Contact, Data Protection Officer, and EEA Representative.

  6. Subscribe to Warnings
    With Push and Email notifications, we make sure that you are informed about issues that arise for your application, such as expired certificates, import or export jobs, or account-related issues. Make sure all your team members are subscribed to email warnings by enabling this in your account.

  7. Share & Revoke Access
    Once you've configured all the app environments (DTAP) you need in Notificare, you will need to invite all the people who will work with these apps. From your internal staff to 3rd-party suppliers, you will be required to define a role for each person and invite them to access your app. Depending on the role you choose, these accounts will have a certain level of access to your apps. Even more important: as soon as an account no longer needs access to your apps, make sure you revoke its permission.

Need help?

The General Data Protection Regulation, or GDPR as it is generally known, came into effect on the 25th of May 2018. Since then, more and more organizations are becoming aware of the importance of security and privacy. Notificare is ISO 27001 certified and strives to provide you with all the privacy and security options so that you and your team can confidently work on the best experience for your customers.

If you need help undergoing a security quick-scan, or want to exchange thoughts with one of our experts, please contact our sales team.
