Although we perform a yearly checkup of every account's security features, it is always a good idea to remind you of what you can do to keep your account, and ultimately your customer's data, safe. By using all of the features listed below, you can make sure that your organization is compliant with local regulations and your data is safe from unauthorized access.
Login with 2FA
By default, all accounts in Notificare will be required to use Two Factor Authentication in order to login into our dashboard. This mechanism adds an extra layer of protection to your account by requesting a 6-digit code, in addition to your account's password. These codes are generated by a different channel, in our case, by an app you install on your phone. We officially recommend Google Authenticator. It's free and works great on both Android and iOS.
According to Microsoft, using multi-factor authentication blocks 99% of automated attacks.
Password Policy
Strong passwords are the first line of defense in protecting your business data and customer information. By default, our platform will already enforce the creation of strong passwords whenever you signup.
Additionally, it is also highly recommended that every account in Notificare has Password Policy enabled. With this feature, we will make sure you are required to change your password every 45 days.
And as an app's owner account, when you enable Password Policy, all other accounts you share your apps with will inherit this policy.
Share & Revoke Access
We made it extremely easy to manage how other accounts access your apps. In most organizations, multiple accounts will need access to an app on a permanent or temporary basis. Therefore it is extremely important that you keep this list up-to-date by revoking access whenever a staff member leaves your organization or a supplier is no longer involved in the project.
Roles
For each account you share apps with, you will be required to assign a role. Roles determine which kind of access an account has in a specific app. There are roles for basically any type of access, suitable for both your organization's staff or 3rd party suppliers.
Keeping access to the bare minimum is a great way of making sure your data is safe and only accessible by authorized personnel.
IP Whitelist
Just like staff members or suppliers, access to your apps by backend applications should be treated with the same care. By creating specific accounts with certain roles, this should help minimize any risks associated with granting API access to your apps. On top of that, API access can be restricted to specific locations, thanks to our IP Whitelist. This will make sure that the API Keys, used by these applications, cannot be used from unknown locations.
Audit Log
For your security, scrutiny and forensics in case of mishaps or malicious use of your account, we record every operation performed with your session tokens. This list should assist you with monitoring data for any possible security breaches or vulnerabilities.
Legal Contacts
In case of data breaches or any security incidents, our support team will get in contact with whomever you've appointed as your Data Protection Officer. Therefore, it is extremely important that you keep this list of contacts up-to-date.
Data Retention
To be GDPR compliant, you will need to make sure that Notificare does not keep personal data, in a form that permits identification of the individual, for no longer than is necessary as stated by your organization's privacy policy or terms of use. We've made it extremely easy to manage these retention settings and you should revisit these, whenever your company's policies change.
Keep Informed
For your commodity, we will get in touch with you, by push or email, whenever issues arise with your account or apps. Things like expired certificates, account-related warnings or data import or export, will trigger system messages that will keep you in the loop and aware of what is happening.
It is important that you keep these settings enabled or risk missing any important messages.
All these settings can be managed from Your Account menu, in our dashboard, and more in-depth guides can be found in this page.
Let's beef up security!
Notificare is ISO 27001 certified and strives to provide you with all the privacy and security options so that you and your team can confidently work on the best experience for your customers.
Additionally, if you have any questions, we are available via our Support Channel.