Privacy Statement

SECURITY AND PRIVACY STATEMENT FROM COMPUTER CLINIC

Computer Clinic takes our security and our customers' security very seriously. We review everything continuously and actively as part of our official IT policy. Our appointed Privacy Officer for the company is Patrick Moran.

ABBREVIATIONS USED

GDPR = European General Data Protection Regulation

CCPA = California Consumer Privacy Act

CRM = Customer Relationship Management

ERP = Enterprise Resource Planning

2FA = Two Factor Authentication

DATA ON PHYSICAL DEVICES

We do not store or hold any customer data, information or documents physically on our computers.

When copying data from one computer to another, we temporarily store data on the external drive used at the time; however, this is then securely wiped after use using a recognised system.

WHAT DATA IS STORED?

We do store some essential information relating to our commercial customers in order to communicate with them, and the data that is stored is held to GDPR & CCPA standards via our CRM/ERP system. This information includes but is not limited to:-

  • Business Name

  • Director/Business Owner Name(s)

  • Business Address(es)

  • Business Phone Number(s)

  • Business Email Address(es)

Our customers' employees and contractors (who work within businesses that we deal with), including key people, will also have their contact details stored online in our CRM/ERP system for communication purposes. The details stored are the name and contact details.

ACCESSING OUR CUSTOMERS’ SYSTEMS & SERVICES

As an IT provider, we do have a need to log in to our customers' IT systems to provide maintenance on them.

Below is our statement of what we do, how we do it and how it is protected.

REMOTE ASSISTANCE TOOL - TEAMVIEWER SOFTWARE

This is used for remote access to computers so we can work on them remotely.

We have an Enterprise Account with TeamViewer which cannot be accessed (even with the password). The login to this account is protected with:-

  • Geo location locks

  • Only trusted devices can log in

  • If any other devices attempt to log in, or even log in with a password, they are blocked and we receive alerts

  • 3-Factor Authentication is enforced on the login account as follows:-

    • The 1st factor is purely the username and password to log in to our TeamViewer account.

    • The 2nd factor authentication is to a mobile app which blocks access unless approved. Once this is approved it then flows into the 3rd factor authentication...

    • The 3rd factor is then an email from TeamViewer stating that a device is attempting to log in and that this is a new and untrusted device. From there we must go through a trusted device approval process to add it to the trusted device list to gain access to our TeamViewer account.

HOW DO WE ACCESS OUR CUSTOMERS’ EMAIL SYSTEMS AND HOW DO WE PROTECT THESE LOGIN DETAILS?

For example, we are often asked to log in to a Microsoft 365 or Google Workspace administrator account to carry out maintenance on user accounts (add, delete, reset passwords, etc).

We have our own username and password to log in to each account. This username and password to log in to the email system is protected with 2-factor authentication with Microsoft or Google. The login details are all unique and we store these:-

  1. In our CRM/ERP System online which is completely locked down with complex multi-authentication and an auto lockout policy.

  2. In our secure passphrase management system which is completely locked down with complex multi-authentication and an auto lockout policy.

Names of these systems can be supplied upon request if needed, but as the information being supplied here is public, for security purposes we do not wish to state openly what they are. However, we can confirm that both systems used are recognised, international, industry-standard and maintained solutions which are fully protected by 2-factor authentication and an auto lockout policy.

HOW DO WE SECURE ACCESS TO OUR CRM/ERP AND PASSPHRASE MANAGEMENT SYSTEM?

The CRM & ERP systems have 2FA enabled on all User Accounts & automatic logouts.

The password & passphrase manager's master password is not written down anywhere digitally. This is all done by memory. The passphrases are extremely long and unique. There is an auto lockout policy on the systems too, so all devices are automatically logged out on a regular basis.

Any details stored in our CRM/ERP system are encrypted and not stored in clear or plain text. Even when logged into our CRM/ERP system, it is not possible to see any details when viewing each user account due to this; they need to be revealed. For some super sensitive data we implement an additional password to be entered before revealing the details.

EMAIL SYSTEM

Computer Clinic utilises the Google Workspace Platform for its email system. It is one of only two secure mainstream systems, the other being Microsoft 365 Exchange.

We are proficient with both systems and are qualified to set up, secure and maintain these systems. We are also official partners with both Microsoft and Google.

All email accounts have two-factor authentication enabled, use trusted devices and have very secure, unique and long passphrases on them.

DEVICE SECURITY

Access to all computers is via a username and password. We all log in to our computers using a Microsoft Account which is protected with 2-factor authentication.

All PCs/laptops/Android phones that are in use by Computer Clinic have commercial grade antivirus installed on them (ESET Antivirus).

The main user accounts on the PCs/laptops have no administrative rights, so nothing can run on these devices without needing authorization from an administrator account.

The filesystems on these devices are encrypted.

MOBILE PHONES

We only use mainstream, recognised brands of mobile phones. These are Apple and Samsung. Our mobile phones are fully up to date and all are secured with a combination of biometrics and a password, so no access is possible to these devices.

WORKING FROM HOME

When team members are working from home, they only use Computer Clinic supplied equipment, which is fully protected as listed above.

NDA

Computer Clinic actively encourages the signing of Non-Disclosure Authority Forms and routinely does so. This is to give written and legal assurances that we would never disclose any information pertaining to any company that we are assisting.

ACCOUNTING SYSTEM

Computer Clinic uses Xero for its accountancy system. Xero is world-renowned and has excellent security. Our accounts all have 2-factor authentication enabled and unique passphrases.

OUR PASSWORD / PASSPHRASE POLICY

We don’t use passwords, we use passphrases.

We never use the same passphrase twice.

All stored passphrases are securely encrypted by our Passphrase Manager (stated above).

We always use long, unique passphrases which have 25+ characters in them.

We generate our unique passphrases by using a special tool which outputs a result; we then take that result and add our own random characters into it to add further complexity to the passphrase.

To access our own systems, our own passphrases are 25+ characters long and every single account that we log in to (including our suppliers) is protected with multi-factor authentication.

SUMMARY

All accounts used to access IT systems, both internally and externally, have unique passphrases attached to them as well as 2FA enabled at the bare minimum.

If you have any questions or concerns with any of the above, please do not hesitate to contact us for further discussion and clarification.