User security is of the utmost importance to us at Bridge U.S. We wanted to take some time to lay out the main ways a user's data can be compromised and how we at Bridge U.S. prevent that from happening.
As users increasingly go mobile and access websites from multiple locations, it’s become important to ensure that their data is secure while it’s being transmitted between the server and their browser. For example, if you use a typical website from a shared hotspot, all of the data that passes between you and the site can be seen by other users on the hotspot (not to mention at other points along the way to the site's servers).
SSL is an encryption protocol which allows data to be transmitted securely. You can tell if a website is using SSL by looking for 1) a green lock in the URL bar and 2) “https://” as opposed to “http://”. We provide our application entirely over SSL (from both our servers to our DNS provider and from our DNS provider to our users).
Often with user security, the easiest ways to compromise a system don’t exist inside of the systems themselves. For example, when a user prints, copies, or faxes forms, sensitive material can be left in the recycling or in the electronic device itself, where someone else can retrieve it. While we can’t secure printers around the world, we can protect a user from accidentally sharing their sensitive information when using a shared computer.
With application timeouts, a user is automatically logged out of the application if 1) they are not using the computer (no mouse or keyboard input) and 2) no requests reach our server. We take our users' security very seriously and log a user out if they haven’t been active for 30 minutes.
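One way to implement the timeout described above, as an added example that is not Bridge U.S.'s own code. The class name, the session id and the input heartbeat sent by the page are assumptions; the 30-minute limit is the one stated in the post.

```javascript
const IDLE_LIMIT_MS = 30 * 60 * 1000; // 30-minute limit stated in the post
class IdleSessionTracker {
  // `now` is injectable so the behaviour can be exercised without waiting.
  constructor(now = () => Date.now(), limitMs = IDLE_LIMIT_MS) {
    this.now = now;
    this.limitMs = limitMs;
    this.sessions = new Map(); // sessionId -> { lastInput, lastRequest }
  }
  start(sessionId) {
    const t = this.now();
    this.sessions.set(sessionId, { lastInput: t, lastRequest: t });
  }
  // True while either signal is newer than the limit. An expired session is
  // deleted so that a later request cannot bring it back to life.
  isActive(sessionId) {
    const s = this.sessions.get(sessionId);
    if (!s) return false;
    const lastActivity = Math.max(s.lastInput, s.lastRequest);
    if (this.now() - lastActivity >= this.limitMs) {
      this.sessions.delete(sessionId);
      return false;
    }
    return true;
  }

  // kind is "input" (hypothetical mouse/keyboard heartbeat from the page) or
  // "request" (any request reaching the server). Expiry is checked first.
  touch(sessionId, kind) {
    if (!this.isActive(sessionId)) return false;
    const s = this.sessions.get(sessionId);
    if (kind === "input") s.lastInput = this.now();
    else s.lastRequest = this.now();
    return true;
  }
}

// Constructed timeline driven by a fake clock (minutes converted to ms).
function demoTimeline() {
  let clock = 0;
  const min = (m) => m * 60 * 1000;
  const tracker = new IdleSessionTracker(() => clock);
  tracker.start("s1");
  clock = min(20); const a = tracker.touch("s1", "input");   // typing, no requests
  clock = min(45); const b = tracker.isActive("s1");         // 25 min since input
  clock = min(75); const c = tracker.touch("s1", "request"); // 55 min idle: expired
  clock = min(76); const d = tracker.isActive("s1");         // stays logged out
  return [a, b, c, d];
}
```

The check that matters on a shared computer is the third step: a request arriving after the limit is rejected instead of refreshing the session.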
When people ask about security, they’re usually thinking of the kind of large-scale hacking that makes the front page of newspapers. These attacks tend to focus on sites that have a large number of users and hold enough data that, if compromised, attackers could use it to steal the identities of tens or hundreds of thousands of users. The best protection against these attacks is storing key data in encrypted fields in the database and ensuring that none of that data is stored in your server logs.
At Bridge U.S., we’ve designed our application so that all of your sensitive data is encrypted before it is stored in our database.