In recognition of National Cybersecurity Awareness Month, I thought I'd give you a peek into the many ways Trellist works to keep our clients' data safe and secure. Trellist takes information security seriously, and in my role as Chief Information Security and Compliance Officer, I'm part of all major client engagements to ensure that systems and controls are in place to support that priority.
Trellist goes well beyond the basics when protecting clients—though there are certainly plenty of great tips out there for staying secure at home, at work, and especially while working from home. Without giving too much away (though we're always happy to get into the nitty-gritty for our clients and auditors), here are some of the important steps we take to keep data safe and secure:
- Employee Training – All Trellistees receive security awareness training at least annually so we're not fooled by the latest email advertising a "free gift card" when it's really just a phishing attempt by a malicious actor. We ensure that certain groups and teams participate in specialized training based on their roles, e.g., application development. We also ensure that relevant employees are knowledgeable about the current regulations that apply to our clients, including the Payment Card Industry (PCI) and Health Insurance Portability and Accountability Act (HIPAA) standards. Through continuing education, we strive to get and stay ahead of the curve when it comes to data threats.
- Specialized Implementations – In some cases we work within a client's existing IT infrastructure, but often we're asked to build a new environment from the ground up. In the latter case we work with the client to understand their unique security and compliance needs. We can either collaborate with a client-side IT security team or we can step in and play that role for the project team. Either way, we learn as much as we can in order to customize an information security and compliance solution that fits the environment we're building. We know that there is no such thing as one-size-fits-all when it comes to building out the best environment for our clients. Whether it's a straightforward web application for a regional client or a geographically dispersed and load-balanced multi-tier platform, we devote the same rigorous attention to maintaining the security and availability of the infrastructure we develop.
- Ongoing Protection – Security professionals frequently talk about an evolving threat landscape in which new information security threats appear on a daily and even hourly basis. We partner with some of the world's leading information security providers to ensure that the protections we put in place for our clients are constantly monitored so they do not become susceptible to vulnerabilities—even ones that were just discovered today. Regular software patching is important, along with simple steps like installing monthly updates, but we take things a step further by proactively monitoring the software landscape for the technologies we implement.
You can follow many of the same principles in your own personal "business" to help keep your data safe. We recommend that everyone:
- Stay up to date on the steps you can take to protect your data. Read articles like this or subscribe to blog feeds about consumer technology and information security.
- Make the right choices for yourself and your family when you add or change devices or services for your home internet, entertainment, gaming, etc. Be sure to enable all available security controls including multi-factor authentication and malware scanning.
- Make information security part of your regular habits. Run the monthly updates for your computer, update the firmware for your devices when prompted, and change your passwords regularly.
Taking these steps will help you keep up with cybersecurity in many of the same ways that we implement security for our clients'—and our own—business-critical data and systems.