Introduction
Welcome to the Nazca Services Limited’s Platform security page. This page explains how we manage user and business account security and data security.
We strive to keep the Services you depend on up and running; in order to achieve this aim, we will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data. While we've taken steps to help protect your data, no method of electronic storage is completely secure, and we cannot guarantee absolute security
We will notify you if there appears to be unauthorised access to your account and we may also restrict access to certain parts of our services until you verify that access was by an authorised user.
Our goal is to be transparent about our business and managing user and data security by describing our technology and services in simple terms so that you can understand our practices. If you have any questions about this information, please contact us at [email protected]
User Session Timeout
Users sometimes leave their computers unattended or they don't log off. You can protect your applications against unauthorized access by automatically closing sessions when there is no session activity for a period of time. The default inactivity timeout is one hour following which a user will be logged out. Upon logout all cookies are removed preventing a session continuing and requiring the user to re-authenticate themselves.
A session that remains active up to twenty-four hours will require the user to re-authenticate themselves.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Platform may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy available on https://www.nazca-services.com/legal-stuff/
Password Policies
Strong password security is an important first step in protecting your Sales Pipeline Development Platform account and Business Account.
Nazca Services recommends these best practices:
In addition, users must never share passwords with anyone, either online or in person -- this includes their Platform password.
Multi-Factor Authentication (MFA)
To protect users from unauthorised user access to their account, we have enabled two-factor authentication, or 2FA, which is a subset of multi-factor authentication. MFA is one of the simplest and most effective ways to enhance the security of your Sales Pipeline Development Platform user and business accounts.
When a business administrator registers themselves to use the Platform, they are required to set their password and authenticated using MFA. All users an Administrator invites to a business account on the Platform are also required to set their password and authenticate via MFA.
Educate Users About Phishing
Nazca Services highly recommends phishing education for all Platform users. Most cyber-attacks use malware (malicious software) to infect a computer with malicious code designed to steal passwords, data, or disrupt an entire computer/network. Fortunately, you don’t need to be a security expert to help stop malware.
Some simple recommendations you can make to your Sales Pipeline Development Platform users:
Teach users to not be fooled by phishing, and to not click links or open attachments in suspicious emails. One of the most effective cyber-attack techniques is tricking someone to click a link or open an attachment that installs malware. These are called phishing e-mails because they lure you into opening an email. Phishing email can say something intriguing, useful, or appear to be a legitimate message from a real company (package delivery, payroll, Government context such as IRS or HMRC, social networking, etc.).
Instruct users to never open emails from unknown sources. Hackers want people to click on their link so that they can infect the user’s computer. Similarly, teach users that emails received from an unknown source should be evaluated based on the source and whether it makes sense. If not, it may be malicious. The sender's address should always be verified and any links to URLs can be hovered over to validate them. For example, if the link says it’s from Nazca Services, then hovering over the link should show a URL ending in ".nazca-services.com”.
Avoid loss of data
Nazca maintains multiple geographically separated data replicas and hosting environments to minimise the risk of data loss or outages.
This Agreement was last updated on 20th August. 2020