As today’s online customers and clients become increasingly mobile, the need for convenient but secure online services has become expected. Easy access, download and sharing of files coupled with secure, private messaging is one of the services eBiz Network offers.

Online file sharing helps solve some of the biggest challenges faced by certain types of businesses, including those related to email and mobile security. But secure file sharing is more than just password protection and a private server.  How and where files are stored, how they are protected, and if they are encrypted is important criteria to consider.

Effective file sharing solutions enable you to send and receive large files quickly while preserving the confidentiality of the data you are transferring. It also enables users to send and receive files from their devices using high-grade security protocols. If you can “check all the boxes” on the best practices list to ensure that your client data is protected 100% of the time – it can translate to more business and happier clients.

eBiz Network offers website components specialized for the transfer of sensitive data that requires compliance with security protocols. Our security measures for the protection of files and data encompass physical and infrastructure security of our servers, as well as website applications. For specific clients, we implement industry standard two-factor authentication to boost security even further.

Our server datacenters are co-located in some of the most respected datacenter facility providers in the world. All capabilities of these providers are leveraged, including physical security and environmental controls, to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by our server datacenter facilities includes but is not limited to:

  • 24/7 Physical security guard services
  • Physical entry restrictions to the property and the facility
  • Physical entry restrictions to our co-located datacenter within the facility
  • Full CCTV coverage externally and internally for the facility
  • Biometric readers with two-factor authentication
  • Facilities are unmarked as to not draw attention from the outside
  • Battery and generator backup
  • Generator fuel carrier redundancy
  • Secure loading zones for delivery of equipment

Infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. Any system which houses customer data, or systems which house the data customers store, are considered to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored. Systems controlling the management network log to a centralized logging environment to allow for performance and security monitoring. Logging includes system actions as well as the logins and commands issued by our system administrators.

Security teams utilize monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures. Datacenter technical support staff do not have access to the backend hypervisors, nor direct access to the NAS/SAN storage systems where backups reside. Only select engineering teams have direct access to the backend hypervisors based on their role. Backups are stored on an internal non-publicly visible network on NAS/SAN servers.

Our server datacenter is certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third-party, DigitalOcean has demonstrated a commitment to protecting sensitive customer and company information. That commitment doesn’t end with a compliance framework, but is necessary baseline for security. Our ISO/IEC 27001:2013 certificate can be viewed here. The datacenters are independently audited and/or certified by various internationally-recognized attestation and certification compliance standards. We employ a variety of security technologies and measures designed to protect information from unauthorized access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, please bear in mind that the Internet cannot be guaranteed to be 100% secure.

Our datacenter actively participates in and complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce and the European Commission. The framework provides DigitalOcean a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.

Website login for sensitive data exchange can be configured with two factor authentication (TFA). Users for whom it is enabled will require a one-time code in order to log in. An industry standard algorithm is used for creating One Time Passwords used by Google Authenticator, Authy, and many other OTP applications that can be deployed on a smartphone, computer or tablet.

2FA secures logins so there’s more than one link in the chain needing to be broken before an unwanted intruder can access your website. By default, user accounts are protected by only one thing: a password. If that’s broken, then everything’s wide open. “Two factor” means adding a second requirement which is a code that comes to a device the user owns (e.g. smartphone, tablet) – so, no one can access your website without physically having your device.

This is often called multi-factor authentication instead of two-factor – because systems can be configured with many factors.

For most common 2FA processes, a numeric code is shown on your phone, tablet or other device. This code is sent via an SMS; thus it depends on the mobile phone network working. Our solution does not use that method. Instead, it uses a standard mathematical algorithm to generate codes that are only valid once, or for only for 30 seconds. Your phone or tablet can know the code after it has been set up once (often, by just scanning a bar-code off the screen).

Encryption is imperative to the security of your data. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, they can see and use that information.

More specifically, SSL is a security protocol. Protocols describe how algorithms should be used. In this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted. All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection.

SSL secures millions of peoples’ data on the Internet every day, especially during online transactions or when transmitting confidential information. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website or green address bar that comes with an Extended Validation SSL-secured website. SSL-secured websites also begin with https rather than http.

To ensure the privacy and security of a client firm’s files, our file sharing software includes:

  • Network firewalls to prevent unauthorized users from accessing private networks.
  • Our file sharing solution encrypts data using AES 256-bit encryption protocols, the same encryption standard used by the U.S. government.
  • Activity reports enable administrators to track every download, upload and file modification that occurs on their website.
  • Industry compliance capabilities. Accountants, for example, have strict compliance guidelines that must be met when it comes to storing and sharing files. Therefore, our file sharing software supports FINRA regulations and Generally Accepted Privacy Principles (GAPP).

Note: We do not provide hosting services for HIPAA security compliance, as is required by medical or health care providers. 

Accountant firms are required to have policies and procedures addressing the protection of customer information and records. This includes protecting against any anticipated threats or hazards to the security or integrity of customer records and information and against unauthorized access to or use of customer records or information, and is especially true for firms that offer online, web-based access to customer account information.

Intrusions are generally accomplished through the theft of the login credentials of a customer or firm employee. Use of two-factor-authentication for login elminiates theft of login credentials. Also, companies have to establish and maintain a supervisory system with written procedures, reviewing incoming and outgoing electronic correspondence on a regular basis. This reporting compliance is provided for accountant websites on the network.

eBiz Network sites created for accountant firms offer “secure file sharing” as an optional method to be used to send or receive files. Cloud server file storage is temporary and encrypted files are deleted from the web server automatically after 30-days to heighten security.

Workflow audit trails, configurable permissions and intuitive reporting tools allow website admin insight into and control over who is accessing data and when.  Activity reports enable administrators to track every user activity including downloads, uploads and file modifications that occur on their website. Added layers of protection with two-step verification for account logins heightens security.