White Paper on Data Security & Privacy

Data Security & Data Privacy MobileArq has implemented multiple strategies at several levels to protect its data and thus prevent a data breach. These security measures, designed and implemented by our certified security personnel, ensure that the data under the stewardship of MobileArq is protected and secure. The five separate areas under which the security measures are implemented include the following:

  1. Data Handling Practices and App Security
  2. Server and Network Security
  3. Security Expertise
  4. Software as a Service Agreement (SaaS)
  5. Parent Education
Security Practices Pertaining to Data Handling and Application

  • The data is encrypted in transit and the data is not accessible except through a protected login.
  • Careless password management is one of the most common ways to enter an account. For administrators, we do not provide all the three pieces of information in one place. The admin site is a completely different URL than the app.
  • We enforce strong passwords for users too - minimum 8 characters, must include a special character, number and an upper case letter. After a certain number of login attempts, they are locked out.
  • We exchange data with the district through a secure transfer or site. There is no sharing of data via email or other insecure means.
  • Each school district requires its own code to signup and additionally, email serves as verification. Each user needs to set up their own password to enter their school's app.
  • Testing of MobileArq server and application level security time and again by ethical hackers.
Security Practices for Protecting Our Data Server Include the Following:

  • Malware Protection
  • Scanning and detection of all kinds of malware on all types of files on the server
  • Smart detection and prevention of any methods of attack: back doors, web shells, viruses, hacker tools, ‘black hat SEO’ scripts, phishing pages, and many others
  • Denial of Service protection.
  • Real-time blacklists
  • Advanced anti-evasion protection
  • Threat Intelligence protection
  • Malicious bot protection.
  • Automatic removal of malicious code from websites
  • Advanced protection rules for SQL injection, XSS, CSRF, RFI, LFI.
  • Advanced protection for WordPress, Joomla, Drupal, Magento, and other popular web applications.
  • Brute force protection (Detects and blocks web authentication brute force attacks, without relying on either status codes or logs).
  • Anti-spam protection (Blocks web spam).
  • All Virtual Patches for Zero Day vulnerabilities
  • Data loss protection rules
  • PCI-DSS compliance (Meets PCI-DSS WAF compliance requirements).
  • Domain source blocking
  • Web shell protection
  • Whitelisting and blacklisting.
  • Advanced false positive prevention
  • Updates multiple times daily
In-house Security Expertise

Amelie Koran, a well-known security expert (Dept. of National Defense) is our security advisor. She consults MobileArq on the design and implementation of a security strategy.

Nirupama Mallavarupu, MobileArq Founder & CEO has also worked with server security for a long time. She is a Cyber Security Consultant for IBM and proficient in implementing the latest and best security practices.

MobileArq has a dedicated team to oversee server maintenance and security on a daily basis.

All of these processes and precautions have served MobileArq and its schools very well for the last six years. MobileArq has not had a data breach or a single downtime, including during the superstorm Sandy, when electrical power was out in a number of locations around the northeast US states for nearly two weeks.

SaaS Agreement

All Personal Data provided to MobileArq remains the property of Customer. The Data delivered to MobileArq is stored in the United States in a region that is geologically safe & sound. MobileArq does not share or transfer or sell the Personal Data to third parties.

Parent Education

Towards educating the parents on best practices for safe and secure use of their mobile devices, MobileArq provides tips and blogs on timely topics, see

https://www.tapinto.net/columns/nirus-tech-tips/articles

https://mobilearq.com/data-security-does-not-mean-data-privacy/