How We Secure Your Data: FAQ

Written by Hubspot Author | November 1, 2024

 

At DCX, data security is our top priority. We understand that as cyber threats evolve, and more and more of your team members work remotely, it’s critical for you to know how we protect your sensitive information. 

 

We have a dedicated team that takes care of operations, IT, and data security, ensuring that both our internal data and systems, and those of all our clients, are handled with the utmost care. With Michelle Owen, SVP, Strategy & Operations, and Rey Erracho, Director of IT Operations, at the helm of this team, we are able to secure data to the highest possible standards.

 

In this FAQ, we will address the most common questions we receive about our data security measures here at DCX, ensuring you have a clear understanding of how we safeguard your data. 

 

1. What steps does DCX take to secure my data? 

We follow a multi-layered approach to data security, combining advanced technologies, proactive monitoring, stringent policies, and best practices to protect your information.  

 

We also leverage industry-leading storage and security software, such as Microsoft Azure and Heimdal, among others. 

 

Here is an overview of our key security measures: 

 

Software and technologies: 

  • Multi-factor authentication 
  • Application whitelisting 
  • End-to-end encryption, at rest and in transit 
  • Threat monitoring 
  • Email filtering and phishing protection 
  • DNS filtering 
  • Endpoint detection and response

 

Processes and policies: 

  • Quarterly security audits 
  • Storage access audits 
  • Ongoing security scans and assessment reviews 
  • Mandatory employee security awareness training 

 

2. What encryption, authentication, and security software do you use, and how do these protect my data?

Microsoft BitLocker serves as our end-to-end (E2E) encryption software and is how we ensure we protect your data at all costs, both in transit and at rest. In addition, we use Mailprotector, which provides advanced filtering, encryption, and archiving for all our email communications.

We also leverage Multi-Factor Authentication (MFA), adding an extra layer of protection beyond just passwords. At DCX, we use Duo, an MFA product, for this extra layer of security.

Additionally, we use ThreatLocker, a Zero Trust architecture and application whitelisting software that enables us to block all applications and scripts from running, except those that are explicitly allowed. And at a network level, we have Cisco Umbrella, which secures our networks and helps to prevent data breaches.

 

3. What data do you store and how do you store it? 

We leverage cloud-based storage for any data or information that we store on the DCX side. This is primarily the PII (Personally Identifiable Information) of our employees, which is governed by our existing Data Privacy Policy. Further, our Data Retention Policy also ensures proper data protection and management.  

For our clients, we do not store client-side data per se. Rather, we provide the equipment and related security software and controls for your DCX team members, but they work within your systems and platforms where the data is stored and backed up.

 

4. How do you detect and respond to security threats? 

We have a dedicated Detection team that regularly monitors software that leverages Artificial Intelligence (AI) and Machine Learning (ML). Our main tools here are:

  • DNS Filter, which not only prevents users from accessing harmful websites and inappropriate content, but also provides us with real-time threat intelligence and reporting tools.  
  • Heimdal, our endpoint security and management tool. 
  • RocketCyber, which provides us with endpoint monitoring and ransomware detection.
  • Avanan, which protects our collaboration tools such as Microsoft SharePoint and Teams.

This proactive approach ensures threats are mitigated before they can cause harm. 

 

5. What security policies do you have in place? Do you allow for any exceptions? 

We have robust Risk Management and Information Security Management policies in place, which are aligned with ISO 27001:2022 and the NIST Cybersecurity Framework.

If a client requires an exception to one of our policies or software applications, we require that a simple questionnaire be completed so that we can understand the context and any potential vulnerabilities. For example, if specific software is needed, we will assess the risk of that software via a full risk assessment exercise. If we determine the software is not secure enough, then we will suggest an alternative. If this is not suitable, then we can also move to set up a virtual desktop environment.

 

6. How do you comply with data protection regulations like GDPR and CCPA?

We take data protection compliance seriously and ensure that our practices align with key regulatory frameworks: 

  • CCPA Compliance: For our US-based customers, we adhere to the California Consumer Privacy Act (CCPA), which provides transparency about how personal data is used and gives customers control over their data. 
  • GDPR Compliance: For our clients in Europe, we comply with the General Data Protection Regulation (GDPR), which governs how personal data is collected, stored, and processed. 

Our frameworks are supported by PII Protect, which identifies where Personally Identifiable Information (PII) is stored across our systems and ensures it is safeguarded in line with CCPA and GDPR. 

By staying compliant, we help you avoid legal issues and ensure your data is handled responsibly. 

 

7. How do you protect against human error in data security? 

Human error is one of the leading causes of data breaches. To mitigate this risk, we focus on regular team member training and awareness via the KnowBe4 platform: 

  • Annual Cybersecurity Training: Every January, we publish new Cybersecurity training for all DCX team members to take. This training is updated based on the trends we’re currently seeing and learning about from our software partners. 
  • Phishing Awareness: All DCX team members undergo regular training to recognize phishing attacks and social engineering tactics. 
  • Security Best Practices: We train our team in the importance of strong password management, secure data sharing, and safe access procedures. 
  • Incident Reporting: Team members are encouraged to report any suspicious activity, ensuring potential threats are addressed quickly. 

By fostering a security-conscious culture, we significantly reduce the risk of internal vulnerabilities.  

 

Your Data Security Is Our Priority 

At DCX, we are committed to keeping your data secure through industry-leading practices, proactive monitoring, and a dedication to compliance. We hope this FAQ has answered your questions about how we protect your data. If you have any further questions or concerns, please contact our team for more information.