Data Security: How Safe Is Your Member Data?
With all the buzz around the recent data breach by Mindbody-owned FitMetrix, this is an issue many are concerned about. The subject of data security can be quite confusing and is often misunderstood. That being said, data security is an integral part of doing business in this technology-driven age. Without it, companies can face fines, loss of consumer confidence, and other negative effects. We wanted to break down for you the things to consider with data security and show you how we keep your data extremely secure, so you can have peace of mind. Here’s our breakdown of what you need to know about our data security.
An effective PaaS should offer a highly customizable, easy-to-use, cloud-based business management solution to enterprises and companies of all sizes. Such platforms empower organizations to engage with their communities, provide access to real-time data for making informed decisions, and much more. Download our security datasheet for a better idea of how you can better protect your data with a PaaS platform like ours.
Consequences of a Breach
Many things happen when a data breach occurs. The reputation of the organization is jeopardized, because consumers no longer feel safe having their data on your servers. For instance, Mindbody, a popular gym scheduling service, recently came under fire after its fitness tracking company FitMetrix exposed millions of user records.
In more severe cases, your clients’ financial accounts may have to be changed or updated, causing an inconvenience for them, as well as potential for identity fraud or fraudulent charges. If the hackers want to, they could also shut down your site, resulting in lost revenue and business. Additionally, there is potential for fines, lawsuits, and more. Obviously, these are things that are worth avoiding.
Service Provider Security
As more businesses move to the cloud, it’s essential that companies work with partners that understand best practices for cloud security and provide transparency when it comes to their solutions. PerfectMind has both a dedicated and a shared environment. Clients have their own dedicated databases, which are individually encrypted. Controls such as ITIL Security Management and ITSM Change Management are in effect. Financial information, passwords, and other sensitive information are encrypted in the system and saved as encrypted in the databases. The keys are only accessible to select development team members. More secure encryption can be provided if required. Access to encrypted secure data is also limited to a select group within the company, which is reviewed and revoked periodically.
Additionally, all access logs and database logs are available for review, and tier-3 and development team members can help with tracking any breach. We take security very seriously and have monitors in place to catch unwanted access, while taking every precaution to avoid security holes. PerfectMind offers a complete audit log that tracks all changes within the system for clients, activities and facilities. The log keeps a record of who made each change, as well as all details of the change, such as time and date.
Compliance with PCI Rules and Regulations
PerfectMind complies with all PCI rules and regulations on all PerfectMind production servers, with type D PCI-DSS compliance, achieved by designing a system aligned with the security requirements for cardholder data. A third-party company scans the PerfectMind system quarterly to ensure that security is maintained. We also self-assess against the SAQ for compliance, and do so biannually. These are all done to ensure your data is as safe as can be.