Chandlers Archives Limited GDPR Compliance
The new General Data Protection Regulation comes into force on 25th May 2018. From this date, Chandlers Archives will have additional responsibilities for the customer data that we hold and process.
Protecting our customers’ data is our top priority within Chandlers Archives.
The data we hold, whether in hard copy or electronically, will only be shared with the customer that gave us that data.
Chandlers Archives hereby undertakes not to copy, release, divulge or communicate, either in writing, orally, electronically or by any other means, to any third party, either directly or indirectly, any information not already in the public domain relating to any of our customers.
We take website security very seriously and have taken a great deal of precaution to make sure that our website is safe from attack or misuse. Below is a brief background on website security and the specific steps we have taken to secure our website.
The actual server that the website is located on needs to be secure so that unauthorised persons cannot access it. Our website is with a large specialist web hosting company who have been in the industry for over 12 years, winning many an award.
The benefit of using a specialist web hosting company over setting our own server up is that they are constantly looking for security issues that may arise and fixing them instantly if they do.
Our server login password is also a mixture of uppercase and lowercase letters, numbers and symbols for maximum security. Weak passwords are a huge security concern and should be avoided at all costs.
Database password storage
All passwords stored in our database are encrypted, so that anyone looking at the database will just see a random 40-character string. This has the benefit that, should a backup of the database fall into the wrong hands, they would still not be able to use the usernames and passwords to gain access to the system.
This encryption also ensures that staff who do have access to the database cannot see what each user's actual password is. This also rules out any possibility of registered users having their password used to gain access to other systems for which they may have used the same password.
Secure Sockets Layer (SSL) certificate
One of the most important parts of the website security of our system is the SSL certificate. It encrypts any data that is transmitted when using our website. This ensures that when people log in to our system no data can be seen by a third party. It also allows secure messages to be passed from users of the website to our admin team without the fear of the message being read by any unintended person.
The SSL certificate should always be looked for when using our website so that you can tell that the website is secured. This helps the user rule out entering data into the wrong website.
This is a security issue called phishing, which has been used in the past to get people's bank details from them. In this method, someone sets up a similar-looking website and tricks the user into using it, thinking it is the original system. However, the SSL certificate will only show for the genuine website, so allowing the user to check for this certificate ensures that they have not been tricked into putting any confidential information into the wrong website.
The SSL certificate we use has a 99.9% Browser Recognition Rate which means it will be available for all modern internet browsers. The more technical details of the certificate are that it is 256 Bit Strong SSL Encryption.
Other steps we take to make sure our website is secure
- Spyware and antivirus protection is on all computers that connect to the website via FTP. FTP is the method of accessing the actual files of the website, so it would be a huge problem if someone gained unauthorised access.
- Strong passwords are always used for critical login areas.
- Regular checks are made to make sure only the correct number of admin accounts are on the system. Creating admin accounts for themselves is a common task a hacker usually performs.
- Software on the server is regularly updated.
- All form entries on the website are checked by the system upon submission to make sure that no attempt has been made to pass malicious code through them.
- Descriptive error messages are turned off on the website. This makes sure no useful information is given away to potential hackers.
- File uploads within the login area of our website only allow certain files to be uploaded. This removes the ability for a would-be hacker to upload malicious files to the server.