Data Security

Security—whether physical, network, or data—is a primary focus at North American Recovery and is part of our core culture. We rigorously secure all data, including backup systems in the event of system failure due to natural disaster or otherwise. We utilize coded key-fob locks on all external doors to protect our physical facility. Our building is a medium-high security facility with on-site grounds and building security personnel.

North American Recovery has implemented several measures to ensure the security of our client's data. All access to the computer system itself is protected by a multiple-password scheme. In addition, we do not allow remote connection directly to our internal network. Therefore, an outsider cannot even locate our system.

Internally, once access to the system has been granted, the user must then use a username and password to access system resources. Each login is unique to each user; the system software only allows access and capabilities defined specifically for that user.

We regularly upgrade all routers and firewalls and conduct 128-bit encryption of all data. We use dedicated T1's for both voice and data. We use a dual backup methodology. All of our Direct Access Storage Devices (DASDs) are redundant. We maintain a complete backup of the live data. In addition, we do a complete backup daily. The daily backups are archived for two weeks; the weekly backups are archived for a month and the monthly backups are archived for a year. Yearly backups are archived indefinitely.

However, North American Recovery uses encryption as only one level of protection in our multi-tiered approach to security.

Security is not only about protecting our network from outside threats; it is also about protecting it from threats from within. The weakest link in any IT security chain is the human element. In order for us to maintain a genuine culture of security, everyone in the organization, from top to bottom, must be informed and motivated about information security. The first step in internal security is awareness. Because we provide thorough training and regular reminders, our employees actively recognize and protect against potential threats. Education and awareness empowers each employee with the knowledge of their personal role in protecting our organization's network, which goes a long way towards reducing risk.

North American Recovery's security training program delivers a sequence of awareness modules, covering different information security topics every month. The security training materials address general employee issues, managers, and IT people separately because each one has distinct information needs.

Our Acceptable Use Policy (AUP) is a key element of our training and requires each employee to pass a written exam. Our AUP covers email usage, privacy, passwords, laptops, client data, and containment. No employee is permitted to work from home or remove transportable storage devices (such as CD-ROM, USB key, or floppy) from the facility or to transfer data from work to home.

Workforce training is not a single event. Security awareness requires commitment to a continuous program of employee communication and training. As with all other aspects of an employee's job, proper training in security is a core component of our success. Our security training and policies include:

  • Policy and procedure documents regarding computer usage, especially regarding Internet and email limitations
  • "Best practices" when using the Internet or email (i.e. not opening attachments from unknown senders and keeping passwords private)
    • Unless employees are 100% certain that a communication is legitimate, they assume it is not.
  • Other information security issues (such as spam, the dangers of accidentally downloading spyware, and phishing expeditions)
    • It is an immediate termination offense to download unauthorized software or freeware, such as file-sharing programs or games.
  • Companywide memos of new threats, how to identify a threat, and what to do if it is encountered
  • Equipping all employee computers and laptops with the latest security tools (which require two levels of passwords for access)
  • Educating each employee on the use of the tools available
  • Every computer having automatic 100% full-time scans of any file opened or accessed
  • Educating all employees about possible internal risks
  • Reminding the staff of the importance of reporting unusual or potentially harmful activity among other employees
  • Encouraging and rewarding staff for being security-conscious

 

Our layered, multi-tiered approach to security provides both North American Recovery and our clients with maximized security solutions that cover as many bases as possible.