Increasing cybersecurity attacks have raised the awareness of data protection among individuals and organizations. At Qiscus, we guarantee that data protection is our utmost concern. We provide extra protection in securing users’ sensitive data and data traffic from Qiscus’ platforms.
For many tech companies, cybersecurity attacks are one of the greatest concerns, including for us at Qiscus. In the first half of 2019, Risk-Based Security reported over 3,800 data breaches, which equates to a 54 percent increase in 2019. Healthcare services, retail, finance/insurance, public administration, and IT were the top five most impacted industries. Understanding this very well, Urs Holzsle, Google Cloud’s Senior Vice President of Technical Infrastructure, stated profoundly:
“Now more than ever, it’s important for companies to make security an utmost priority and take responsibility for protecting their users. … Any organization is accountable to people above all, and user trust is crucial to the business. If we don’t get security right, we don’t have a business.”
In response to that matter, Qiscus, as the multichannel conversational platform provider, has taken extra precautions for its Information Security Management System. The double step of security primarily aims to secure user’s sensitive data and data traffic from Qiscus’ platforms such as its Qiscus Multichannel, in-app chat software development kit (SDK), and Qiscus Meet.
Double Step of Data Protection
Qiscus guarantees that we secure all users’ sensitive data and use personal and service data only for technical assistance, payment, or third-party integration purposes. The personal data previously mentioned consists of the personal name, organization name, address, phone, and debit/credit card details. As for the service data, it comprises the IP address, browser type, among others. Read Qiscus’ privacy policy should you still be unsure about our data protection policies.
In relation to this, the tech giant Google believes that encryption in transit aims to:
“…protect the consumer’s data if communications are intercepted, while data moves between the consumer site and the provider or between two services. The protection is achieved by encrypting the data before transmission, authenticating the endpoints, and decrypting and verifying the data on arrival.”
As the tech company who directly dealt with users’ information, we also think that encryption is essential, and thus encryption applied for both data in motion and data in rest. Qiscus uses the SSL certificate to conduct data traffic securitization. First, we encrypt data using SSL AES 128-bit or 256-bit when it transits via the public network. The previously mentioned SSL type is powerful in encrypting data and minimizing data breach. Later, when the data is at rest, Qiscus encrypts it using the SSL AES 256-bit.
Furthermore, the process can be done, among others, by managing the SSL certificate, such as the 128-bit or 256-bit SSL certificate. The 128-bit SSL certificate is able to crack the cryptographic key within 1.02×1018 years, while the 256-bit SSL certificate cracks it within 3.31×1056 years. The 256-bit SSL certificate is eventually better, but rapidsslonline.com reminds us that:
“…your website will not use whichever symmetric encryption for every connection. Instead, it depends on the technology in place you could be looking at, with more variables in these equations than just your certificate.”
Besides, Qiscus understands that server security is also the user’s biggest concern. In Qiscus, we only use a cloud server from a trusted data provider that owns the standard information of data security’s compliance certificate such as ISO27001 and the SOC 1/2/3 among others.
Finally, Qiscus also periodically assesses the cloud server provider’s conformity to ensure the data traffic in Qiscus platforms is always secure.
Qiscus Provides Extra Protection
In some cases, some information requires further protection, proven by the certificate of the HIPAA, GDPR, and many more. As a solution, Qiscus facilitates these requirements by providing an on-premise service, a solution hosted in-house, and usually supported by a third-party if your party is having a problem when our security compliance does not allow third-party hosting.
However, it is wise to remember that data security is not an issue that should be tackled by the tech company and computerized tool solely. As mentioned by Urs Holzle, “At its most basic level, security is a human issue.”
Hence, users also have the responsibility to protect their accounts using a frequently changed strong password. Qiscus also suggests that users avoid using a frequently used password when signing up for Qiscus platforms to avoid data breaches.
We are also aware that most crimeware patterns use the password dumper to obtain a stranger’s password. As reported by Verizon concerning the manufacturing context in 2020, “Data from this past year shows that manufacturing is beset by external actors using password dumper malware and stolen credentials to hack into the system and steal data.” Hence, the user should be aware of the risk and secure passwords differently in each platform you access.
Besides that, we also instruct all Qiscus users to contact [email protected] if you are suspicious of a possible data breach on Qiscus platforms. We will be happy to take care of the security of your data.
