White Paper on Data Security & Privacy

Data Security & Data Privacy MobileArq has implemented multiple strategies to protect its data and thus prevent a data breach. Multiple layers of security measures, designed and implemented by our certified security personnel, ensure that the data under the stewardship of MobileArq is protected and secure. The five separate areas under which the security measures are implemented include the following:

Data Handling Practices and App Security
Server and Network Security
Security Expertise
Software as a Service Agreement (SaaS)
Parent Education

Security Practices Pertaining to Data Handling and Application

The data is encrypted in transit and the data is not accessible except through a protected login.
Careless password management is one of the most common ways to enter an account. For administrators, we do not provide all the three pieces of information in one place. The admin site is a completely different URL than the app.
We enforce strong passwords for users too - minimum 8 characters, must include a special character, number and an upper case letter. After a certain number of login attempts, they are locked out.
We exchange data with the district through a secure transfer or site. There is no sharing of data via email or other insecure means.
Each school district requires its own code to signup and additionally, email serves as verification. Each user needs to set up their own password to enter their school's app.
Testing of MobileArq server and application level security time and again by ethical hackers.

Security Practices for Protecting the Data Server Include:

Malware Protection
Scanning and detection of all kinds of malware on all types of files on the server
Smart detection and prevention of any methods of attack: back doors, web shells, viruses, hacker tools, ‘black hat SEO’ scripts, phishing pages, and many others
Denial of Service protection.
Real-time blacklists
Advanced anti-evasion protection
Threat Intelligence protection
Malicious bot protection.
Automatic removal of malicious code from websites
Advanced protection rules for SQL injection, XSS, CSRF, RFI, LFI.
Advanced protection for WordPress, Joomla, Drupal, Magento, and other popular web applications.
Brute force protection (Detects and blocks web authentication brute force attacks, without relying on either status codes or logs).
Anti-spam protection (Blocks web spam).
All Virtual Patches for Zero Day vulnerabilities
Data loss protection rules
PCI-DSS compliance (Meets PCI-DSS WAF compliance requirements).
Domain source blocking
Web shell protection
Whitelisting and blacklisting.
Advanced false positive prevention
Updates multiple times daily

In-house Security Expertise

Amelie Koran, a well-known security expert (Dept. of National Defense) is our security advisor. She consults MobileArq on the design and implementation of a security strategy.

Nirupama Mallavarupu, MobileArq Founder & CEO has also worked with server security for a long time. She is a Cyber Security Consultant for IBM and proficient in implementing the latest and best security practices.

MobileArq has a dedicated team to oversee server maintenance and security on a daily basis.

All of these processes and precautions have served MobileArq and its schools very well for the last six years. MobileArq has not had a data breach or a single downtime, including during the superstorm Sandy, when electrical power was out in a number of locations around the northeast US states for nearly two weeks.

SaaS Agreement

All Personal Data provided to MobileArq remains the property of Customer. The Data delivered to MobileArq is stored in the United States in a region that is geologically safe & sound. MobileArq does not share or transfer or sell the Personal Data to third parties.

Parent Education

Towards educating the parents on best practices for safe and secure use of their mobile devices, MobileArq provides tips and blogs on timely topics, see

https://www.tapinto.net/columns/nirus-tech-tips/articles

https://mobilearq.com/data-security-does-not-mean-data-privacy/