Jan 30, 2020

Cyber Essentials Security Certification: Serious about playing with technology

It's not just fun and games here at Dewsign. Whilst it might look like we spend all day designing cool websites and playing with the latest technology, we do take our work very seriously. And at the core of this is the need for a secure, reliable setup for both us and our partners. Whether it's GDPR or PCI compliance, NDA agreements or Cyber Security – our in-house processes are of the utmost importance to us at all times; essential when dealing with sensitive third-party assets and data.

As part of our ongoing efforts and commitment to provide the best service, we were recently awarded the Cyber Essentials certification, giving you total peace of mind when working with us, especially where sensitive information is involved.

Secure internet connection with Firewall

All our computers and devices are connected to the internet through a top of the range Cisco router and boundary firewall, creating a "buffer zone" between our IT network and external networks. This blocks unsolicited inbound connections: nothing gets into our network unless we specifically requested it.

Additionally, all our computers run regularly updated software firewalls, which provide a further layer of protection and limit the spread of an infection from one computer to the rest of the network.

Secure devices and Software

This isn't as obvious as you may think. In many development environments it is still commonplace to publish files over the standard, unencrypted File Transfer Protocol (FTP), or to send login details and other sensitive information via email.

Our development process is entirely based on Secure Shell (SSH) access. That means an encrypted connection to all our servers, databases and client websites. We don't use shared passwords to log into servers. Every member of staff has their own SSH key (a private key file that identifies that individual), which is used to authenticate them when connecting to servers. Because access is tied to a person rather than a shared secret, we can control and remove it cleanly in the rare case of someone no longer working with us.
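As an added example (not part of the original post or Dewsign's own tooling), here is a small shell helper showing what per-person keys buy you at revocation time: listing who has access to an account and removing one person's keys. It assumes each key's comment field carries the owner's label and that entries have no options prefix.

```shell
#!/bin/sh
# Added example: per-person SSH keys make revocation a one-line change to
# authorized_keys instead of a password rotation for everyone.
# Assumption: the comment field (third token) labels the key's owner.

# Constructed sample authorized_keys content; the key material is fake.
SAMPLE_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYALICE alice@example.test
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYBOB bob@example.test
ssh-rsa AAAAB3NzaC1yc2EFAKEKEYBOBLAPTOP bob@example.test
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYCAROL carol@example.test'

# list_identities FILE: print the distinct owner labels, one per line.
# Useful as a periodic access review of a server account.
list_identities() {
    awk 'NF >= 3 && $1 !~ /^#/ { print $3 }' "$1" | sort -u
}

# revoke_identity FILE LABEL: drop every key whose owner label equals LABEL.
# Rewrites the file via a temp copy and prints the number of keys removed.
revoke_identity() {
    file=$1
    label=$2
    before=$(grep -c . "$file")
    tmp=$(mktemp)
    awk -v l="$label" '!(NF >= 3 && $3 == l)' "$file" > "$tmp"
    mv "$tmp" "$file"
    chmod 600 "$file"   # sshd ignores authorized_keys that are too permissive
    after=$(grep -c . "$file")
    echo $((before - after))
}
```

Run `list_identities ~/.ssh/authorized_keys` on a server account to see who can reach it, and `revoke_identity` with a leaver's label to remove every device key they registered.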

It also makes us developers look really cool when we use the command line; like in the movies!

When we do need passwords to sign in to software and services, we use top of the range password management software so that every password is strong and unique, reducing the risk that one leaked credential can be reused elsewhere. Where supported, we use two-factor authentication (2FA) as an additional layer of security to protect sensitive information.

Because every team member has their own account for each service we use, we can grant each individual exactly the permissions they need to reach the information they work with, without exposing unnecessary data. The same applies to our internal file sharing and customer relationship management (CRM) software.

Protection from viruses and malware

All computers within the company are protected against malicious software (malware) and viruses through industry standard anti-virus software and system protection. Software is regularly patched and updated so that known vulnerabilities are closed before they can be used against us.

Furthermore, we use whitelisting where appropriate to ensure only authorised devices can gain access to important accounts and control panels. Beyond our internal network, our servers use whitelisting to restrict access to services such as SQL databases and caching services like Redis. This stops anyone outside the assigned network from even attempting to connect to the resource.

Where supported, we use software that supports sandboxing. Sandboxing essentially creates a secure, isolated environment for an application to run in, with very restricted access to the rest of the device.

Author

Marco Mark

Tech Lead & Senior Developer