%20(13).png){kind=logo}
CyberSynapse, a division of The CyberNest has implemented multiple security protocols to effectively identify, respond to, and mitigate potential security risks. All employees, vendors, and contractors working with CyberSynapse must follow these policies to best protect CyberSynapse, The CyberNest, our experts, and customer’s data.
We’ve published our security policies publicly for transparency so you can see where we are regarding security maturity.
Privacy & Data Ownership
Your community account and customer account belong to you —- we do not sell or rent your information and do not help third parties’ attempts to advertise to you.
Data Security
CyberSynapse follows industry-leading standards to guarantee robust data security across our platform. We enforce strict access controls across all our applications and infrastructure and adopt least privilege permissions for our employees, contractors, and verified third parties.
Secure Hosting
CyberSynapse hosts data in Amazon Web Services data centers in US East and US West region, ensuring continual data availability and reliable security through native backup tools. An industry-leading infrastructure provider, AWS is certified as compliant with ISO 27001 and has received a SOC 2 (Type II) report.
Encryption and Secure Development
CyberSynapse encrypts all data both at rest and in transit. Industry-leading processes and tools are implemented throughout our software development lifecycle, including dynamic and static vulnerability testing (“DAST” and “SAST”). Data transfer is protected using the industry-standard TLS 1.2 protocol, while data at rest in AWS is encrypted using AES-256 server-side encryption. CyberSynapse uses AWS Key Management Services for database encryption and secure key management.
External Penetration Testing
CyberSynapse applications and systems receive external penetration testing from leading security partners, third-party network penetration tests, and AWS security and corporate infrastructure security assessments and audits. Our security team also runs continual vulnerability testing and code audit processes.
Secure Bug Reporting
CyberSynapse internal vulnerability disclosure program provides a safe channel for external security researchers to communicate with our security team regarding potential security concerns or bugs. Please reach out if you have found a potential security issue you believe we should know about.
Organizational Information Security
All CyberSynapse personnel are restricted to handling data required to perform their jobs. Our team is trained in the proper use of our applications and industry best practices for security and privacy. All employees have completed background checks and signed confidentiality agreements.
Security for Client Teams
We provide administration and access control features to paid CyberSynapse client teams. These features allow administrators to manage their teams, including creating, transferring, or removing access as needed.
Cloud & Product Security
CyberSynapse requires a peer review for source code changes, regularly conducts audits of our source code, and regularly reviews potential vulnerabilities in our environment and applies relevant patches. All components that process your data operate within CyberSynapse private network inside our secure cloud platform, ensuring user data isolation. Servers and network ports are protected behind load balancers and a web application firewall. Vendor Policy All third-party vendors are vetted and regularly re-audited to meet CyberSynapse’s security and privacy standards. Personal information is removed from third-party systems upon request, or once it is no longer necessary.
Compliance
CyberSynapse, a division of The CyberNest complies with the EU General Data Protection Regulation (GDPR) and the EU-U.S. Privacy Shield Framework regarding collecting, using, and retaining personal information transferred from the European Union to the United States. For more details, see our Privacy Policy.
%20(14).png){kind=logo}