POPI ACT SAFE:
What is POPI ?
The Protection of Personal Information Act is a piece of legislation that was signed into law in 2013. It regulates all persons who are responsible for processing personal information such as telephone numbers, ID numbers and physical and email addresses.
Confidentiality of information of customers is one of the most important pillars of any business. At snowglobe all the information is saved in a secured database which can only be accessed by correct username and passwords. We have used random password generators so that it is very difficult to breakdown with attacks like brute-force.
Plus the passwords are encrypted by MD5 Digest Authentication which makes it even difficult.
A virtual server needs more security than any physical commodity as the loss incurred upon any attack is not easily detectable and damage carried out might completely destroy any online businesses.
SSH KEYS: The very basic and important security measure is to setup SSH based access to the server. Manual passwords are always vulnerable and the use of SSH keys will protect the server in a much better way.
What is SSH Key?
It is a combination of two files : 1) Public key – stored in server 2) Private Key – Owner has it
Whenever a SSH connection is tried to be established between any computer and the server, the server requests for the Private key which only the owner has.
Not only this, someone may think if Private key gets in wrong hand?? Then also nothing to worry as after the Private Key is shared, it asks for the PassPhrase which only owner can know. So its like a two factor authentication.
Firewall: In simple words, firewall is a network security system that is designed to prevent unauthorized access to and from a private network. Whenever any information is transferred through any request to the server it passes from the firewall. It is basically a filter that blocks any unauthorized request to the server and once blocked it does not accept any further request from that computer/IP.
SSL/TLS encryption: SSL i.e. Secure Sockets Layer is standard communication encryption technique between a web server and a browser. Every time you visit a legit you might often see a green padlock symbol. This represents the website’s SSL certification. At snowglobe all the user portals that are provided in any case whether they have a domain or use subdomain. All are having SSL certificates installed, means all the portals are secure and any patient will trust logging into such portals.
LFD(Login Failure Daemon) – LFD is a process that is part of ConfigServer Security & Firewall(CSF) that periodically checks for potential threats to a server. LFD looks for such attacks as brute-force login attempts and if found blocks the IP address attempting to attack that server permanently. The block can only be removed manually by adding the IP to the whitelist.
Basically the data is saved in the database and there are three types of database backups.
1) Daily Backup- It stores all the data of the past 7 days every midnight automatically. For example on 7th October, the backups from 1st October to 7th October will be available.
2) Weekly Backup – It stores all the data of the weeks of the last month. So on 7th October, the backups of 2nd, 9th, 16th, 23rd & 30th Sept will be available.
3) Monthly backup – It stores all the data of the months since start. So every 1st day of the month a backup is created.
Any loss of data if noticed due to accidently deleting can be notified and we can process the restore as requested.
Along with this we have a very innovative backup mechanism for all the assessments, or questionnaires. Obviously the database backup cannot be interpreted by humans easily as it is code format and it can only run and display with the software. But this innovative backup mechanism generates simple file that can be downloaded and opened in the browser and it will show the same assessment form with all the data filled in. Plus this backup file does not require any internet connection to run on the browser. Once downloaded it can be easily viewed in any browser without any internet connection.
Can person regain his lost data
Yes he can regain his lost data as per the backup schedule. He an choose any backup to restore, or a part of any backup to get restored.
OTP and safety checks
The therapists have two-factor authentication i.e when they enter correct username and the password they get a One Time Password in their mobile phone, they can enter it and then they are logged in.
For patients it is quite different. We have observed that people tend to forget their passwords quite often due to so many websites in this world and everywhere asking password. So they just enter their id number and they get the One Time Password in their phone and then they get logged in.
Data safe and anonymous:
Whenever any therapist registers with snowglobe a separate database is created for his practice and all the data is stored in that database only, so making it completely anonymous from one practice’s data to another.
Who has the power of data :
The main data is stored in the server that is in South Africa, the hosts ‘hetzner’ have physical access to the server but they cannot login as they don’t have the key and the password. It can only be accessed by the owner of the server.
(all password and login information was shared to you via email by hetzner. Passwords are still same and haven’t been changed.)