More an more breaches of internet security are happening, typically resulting in personal information being leaked into the hands of hackers and potentially used for nefarious purposes.
What Security Measures are Used by Event Gate?
1. SSL Encryption
All transmitted information between your PC, Laptop or Mobile phone and Event Gate is encrypted with an SHA256withRSA Certificate.
2. Database Encryption
All customer data is stored in an ecrypted database using transparent data encryption which also encrypts all backups and logs.
3. Data Sovereignty
All data is stored in Australian data centers using the Azure Australia Southeast Region based in Victoria.
Note: This excludes payment processing which is performed by your chosen payment provider.
4. Password Complexity
Passwords are required to have the following complexity:
- At least 8 characters
- At least one uppercase character
- At least one number
- At least one symbol character
5. Password Management
All passwords are created by and only visible to the user account that will be using the password at the time of creating the password.
Passwords are not sent in email, where they could be stored and used should email access be compromised.
Passwords are not stored anywhere in Event Gate. Instead passwords are hashed and salted. This means that even if an attacker managed to access the database, they still would not have access to your password or your account.
6. Brute force protection
One favourite of hackers is to use a password dictionary to go through a list of popular passwords. This is mitigated by locking accounts after a set number of failed attempts to log in.
7. Multi-Factor Authentication (MFA)
MFA can be enabled by request, which allows an additional authentication step using tokens generated by an Authentication app such as Microsoft Authenticator or Google Authenticator.
8. Web Endpoint Review
All web endpoints have been reviewed to ensure that only users with the appropriate authorisation have access. As we have many clients, we have also ensured that each client is only able to access their data and not data of any other client.
9. Credit Card Processing
Event Gate does not process nor store credit card details, but integrates with PCI-DSS compliant third party payment providers (eg PayPal, Stripe, NAB, ANZ, CBA, MasterCard) who process credit card transations.