At AssetLab and Balloon Suite, we take your security and payment data protection seriously. As a small business, we understand the importance of ensuring that your data is secure, especially when it comes to payment processing. We’ve implemented several safeguards to ensure our services are PCI compliant, protecting your personal information at every step. Here’s an overview of the steps we take to keep your data safe.
Storing Payment Information Securely
We’ve made a strategic decision to use Stripe, a trusted payment processor, for all credit card transactions. This means that all your payment information is securely stored with Stripe, and our team has no access to it. By doing this, we reduce the risk of unauthorized access to your payment data. In fact, we do not accept payments over the phone or through any other methods, as this would require handling payment information directly. Using Stripe helps ensure that all sensitive payment data remains secure and under their specialized protection.
Managing Passwords and Secrets with BitWarden
To further protect our business and your data, we use BitWarden, a corporate-level password manager, for all password and credential management. BitWarden enables us to:
- Control Access: We can easily manage which team members have access to specific credentials based on their roles and responsibilities, limiting exposure.
- Prevent Clear Text Storage: None of our passwords or secrets are stored in clear text, ensuring that credentials are always encrypted.
- Maintain Secure Sharing Practices: If we need access to a system on your behalf, we request direct access for our own accounts. If this isn’t possible, we ask that you use our secure-secret-sending tool to share any sensitive information. This method ensures that the information only reaches the intended team member, with no unnecessary exposure.
Secure Channels for Communication
Our team members are trained not to request or accept any sensitive information outside our secure communication channels. We know this extra step can sometimes slow things down, but we believe that protecting your data is worth the trade-off. We take every precaution to ensure that your data remains secure from unauthorized access at all times.
Working Only with Secure Tools
In addition to safeguarding passwords and payment information, we carefully choose the tools we use and offer to our clients. Any tool we use must provide:
- Proper Encryption of Credentials: We work only with systems that properly encrypt credentials, adding an extra layer of security.
- Encrypted Connections: Ensuring an encrypted connection between your browser and any tool we offer as part of your service is a requirement. This helps prevent data breaches while you interact with systems and protects your sensitive information while it’s in transit.
Preventing Phishing and Spam with Google Workspace
Email security is a top priority for us. To help protect our communications, we use Google Workspace’s robust filtering features. This helps us:
- Block Phishing Attempts: Google Workspace automatically detects and blocks many phishing attempts, protecting our team from potentially malicious emails.
- Reduce Spam: Advanced spam filtering helps keep our inboxes clean and ensures that we’re not exposed to harmful links or content. By filtering out these risks, we can focus on important communications without interruptions or security concerns.
By leveraging Google Workspace, we add an extra layer of security to our email communications, keeping our business and your data safer from cyber threats.
Device Security with a Small Business IT Firm
To enforce data encryption and security practices across our business devices, we work with a small business IT firm: South King Technology Services. Jeff recognized some time ago that his days as IT support and expert were over and that it was time to work with a professional-level service.
This partnership with South King allows us to:
- Secure All Devices: From computers and laptops to mobile devices, we ensure that each device is encrypted and equipped with advanced security protocols.
- Require Login Verifications: This makes sure that users accessing our computers are allowed and on the team.
- Wipe Data on Stolen Devices: In the unfortunate event of a device being lost or stolen, our IT firm can remotely wipe the device. This action helps prevent any sensitive information from being accessed by unauthorized individuals.
This approach ensures that all of our devices are managed with security in mind, reducing potential vulnerabilities and ensuring data safety even in unexpected situations.
Annual Audits and Continuous Improvement
Security is an ongoing commitment. We perform an annual audit of all our security practices and tools to identify potential areas for improvement. This proactive approach ensures we stay ahead of emerging security threats and continue to protect your data with the best practices available.
Additionally, our team undergoes regular training to understand the importance of maintaining secure data practices. We prioritize these training sessions, so our team members are always up to date on the latest protocols.
Next Steps: How You Can Support Business Security
Your role is crucial in maintaining security. Here’s how you can help:
- Consider higher security for payment information using a payment portal like Stripe or Serenity.
- Consider higher security for passwords using a tool like BitWarden instead of a file or handwritten notes.
- Use Secure Methods for Sharing Information: If you need to provide us with credentials, use our secure-secret-sending tool. Avoid sharing passwords through email or text.
- Be Cautious with Payment Information: When working with any service, always ensure they’re using a secure, PCI-compliant payment processor.
- Add a Review Process: Add an annual task to review how your business is handling payment information and secrets, and make an action plan to continuously improve each year.
- Ask Questions: If you’re unsure about any part of our security practices, don’t hesitate to reach out. We’re happy to provide more information.
The AssetLab / Balloon Suite / Serenity team is dedicated to providing services that meet your needs, including the needs you don’t think to ask for. Thank you for trusting us with your business.