Cyber Security: More Important Now Than Ever
by James Brown
October marks Cybersecurity Awareness Month. As we quickly approach the holiday busy season, the EasyPost Systems & Security team wants to take a moment and talk a little about security and reliability here at EasyPost. You and your customers' data is of paramount importance to us, so we build security and reliability into every facet of our company and every product we make, and we’re proud of our 99.99% uptime and sterling information security record.
Here are some guidelines that we use to keep your data safe in our corporate environments, and which you can follow too:
- Use strong passwords, and use a password manager: Generally, your authentication system is only as strong as the weakest password any of your employees use. Password managers like 1Password by AgileBits make it a snap to generate strong passwords, share them with your teammates, and revoke access when necessary.
- Protect accounts with Multi-Factor Authentication: MFA/2FA is a great tool to add an extra barrier on top of a strong password to prevent malicious actors from getting at your juicy data; be it TOTP through something like Google Authenticator, FIDO2 authentication tokens like YubiKeys, or cool out-of-band MFA like Duo. We use multi-factor authentication across our enterprise. Look for MFA capabilities rolling out to your EasyPost.com dashboard in the near future!
- Keep regular, offline backups: One of the most powerful tools for ensuring the availability of your services in the face of attackers or just plain errors is to take regular backups of all your data and store them off-site under strong encryption. You probably have this already for your customer data, but make sure that your backups are comprehensive and include application source code, system configuration, and everything else you’d need to get back up and running.
- Minimize your attack surface area: That Chrome plugin that automatically parses your emails and creates a report of your typing activity looks neat, but the easiest way to improve your security is to get out of the habit of sharing your data with unknown or untrusted parties. We have a robust Information Technology team that reviews the third-party tools and services in use across our workforce and prevents malicious applications from getting a foothold.
- Be vigilant, monitor: Robust logging is an essential part of your business’s security strategy, especially if combined with domain-specific tools like SIEMs and IDPs. Gaining insights into what’s happening in your network and on your servers will not just help you be more secure, but can be a great tool in improving your application performance and reliability. We have a sophisticated logging and monitoring platform built on top of Apache Kafka that we use to monitor all of our applications and infrastructure.
- Build strong policies: Information Security is a field concerned with people far more than with machines. Building and enforcing strong and clear policies around information security concerns like account provisioning, data access, and encryption is the best way to protect your business and your employees.
Are you interested in working on challenging problems in secure system architecture and building the future of ecommerce? Check out our jobs page and join EasyPost!