Cyber Security
Cyber security is of utmost importance and has been integral to the creation and advancement of our online background screening platform. We meticulously address prominent cyber threats including viruses, denial of service attacks, and other malicious activities on the Internet. Additionally, we are committed to safeguarding the integrity and confidentiality of sensitive data within our cyber background check system, such as credit reports, social security numbers, and other personally identifiable information.
Our programming/IT team uses the best, leading technology to secure our website and the environment in which it operates. This includes client authentication (password-controlled access), encryption of data, public-private key pairs, firewalls, intrusion detection, filtering routers and data backups. Each of these components acts as a layer of protection to safeguard information from unauthorized users, deliberate wrongdoing and inadvertent loss.
User authentication
All access is password controlled and continually requires users to authenticate through a private login ID and passcode before access is granted. After a user is authenticated, sessions that remain inactive for a period of time will expire, requiring the user to re-authenticate before continuing their session. Additionally, user accounts that remain inactive for extended periods of time are automatically disabled. User passcodes are protected in the system by using sophisticated hashing schemes and should never be shared with anyone. Passcodes must be reset at least every 90 days and must be different from the previous three passcodes. They need to be at least 8 characters in length and contain at least one letter and one digit. A passcode recovery feature is in place to allow a user to retrieve his or her login ID and/or reset a forgotten passcode after answering several pre-configured security questions and a CAPTCHA.
IP Restrictions
System access can be further restricted at the client or user level by IP address(es). Any attempt to access our system from an IP address outside the authorized range is rejected.
Encryption
All transactions are performed in a secured environment. Access to our system requires use of HTTPS. Supported web browsers automatically secure the session communications using the Secure Sockets Layer (SSL) 3.0 or Transport Layer Security (TLS) 1.0 protocol using 128-bit encryption. All data is encrypted as it travels between the client web browser and the InstaScreen servers and can only be decrypted with a public and private key pair, thus protecting against eavesdropping, server impersonation, and stream tampering.
Firewalls, Intrusion Detection and Filtering Routers
The system's servers are protected by firewalls, intrusion detection, and filtering routers which verify the source and destination of communications. The firewalls and routers are configured to reject any unauthorized, suspicious, or disallowed traffic. Routers keep out traffic that does not emanate from either end of the secured session between the client and the server.
Physical Security
The physical server machines are hosted at a state-of-the-art collocation facility that is staffed on-site 24/7 to provide an immediate response to any incident. Access to the facility is restricted to authorized personnel and is secured by both password-protected keypads and biometric scans. Door, glass, and motion events at the facility are digitally recorded and archived, as well as observed live by facility staff for any suspicious activity. UPS systems and a 500-kilowatt diesel generator ensure electrical service to the facility. Multiple fiber providers provide Internet connectivity with diversified entry points into the facility. The cooling system incorporates redundant components, excess capacity, and high-efficiency technologies to maintain an optimal operating environment for the servers.
Data Integrity
Database servers are configured with mirrored hard drives to provide real-time failover redundancy. Additionally, nightly backups of data are scheduled, with archives removed weekly to an offsite location for additional redundancy.
Our Client’s Responsibility
It is the responsibility of clients to securely protect their password and refrain from sharing or revealing it to anyone, under any circumstances. Our staff will never request a client’s password. Clients must also prioritize the security of their online sessions by logging out of the system completely when finished and not leaving active sessions unattended. To prevent unauthorized distribution or disclosure of personally identifying applicant information, both paper and electronic copies of reports must be carefully managed.
A robust and secure system requires a multi-faceted solution with hardware, software, and education. Critical to the success of any secure system is the education of its user community and employees on the importance and sensitivity of information. Knowledge of why and how data is secured, and the permissible uses of all information, is essential in maintaining the integrity of the system and its contents.
Cyber
Organizations typically engage third-party vendors specializing in background screening services to conduct cyber security background checks. These vendors utilize various methods, including database searches, reference checks, interviews, and technical evaluations, to gather information about candidates’ cyber security backgrounds.
Cyber security background checks are crucial for protecting organizations from insider threats and ensuring the integrity of their systems. By vetting employees or candidates thoroughly, businesses can mitigate the risk of data breaches, sabotage, or unauthorized access to critical infrastructure.