We understand that your data is critical to your business. At Rex we use industry standard best practises to secure your data, but you have your own part to play in keeping your data safe. Some of the steps we take to secure the Rex platform include:
- Rex is hosted on the Google Cloud Platform, one of the most secure and reliable hosting providers available. Other notable companies that utilise Google Cloud include Macquarie Bank, Goldman Sachs, ANZ, NAB, PayPal and many more.
- We maintain regular off-site data backups
- Internal access to critical production systems is highly restricted
Recommended best practices
Worldwide, the overwhelming majority of security breaches arise from stolen passwords or phishing attacks. Keeping your account credentials secure is the single best thing you can do to protect your data.
Use strong passwords
We recommend passwords at least 8 characters long, using uppercase letters, lowercase letters, numbers and symbols, to ensure they can’t be easily guessed by hackers.
Don’t reuse passwords on multiple sites
If you reuse the same password frequently, and another site where you’ve used that password gets hacked, then all your accounts could potentially be compromised. Check https://haveibeenpwned.com/ to see if your email has been compromised, and if so, you should seek to change all your passwords ASAP.
We recommend using a password manager such as 1Password to generate strong, unique passwords for each of your online accounts.
Enable two-factor/multi-factor authentication on your email account
The most dangerous system is your email account, given that if someone gets access to your email inbox they can often reset passwords across multiple systems. So long as you’ve got a strong unique Rex password and you have 2FA/MFA active for your email provider, then you will be quite secure.
Don’t share Rex user accounts
For simplicity, it can be tempting to allow employees to share the same user. Unfortunately if you do that, you expose your account to security risks. With employees sharing the same account, if 1 employee's credentials get stolen, they all get hacked. In addition, you will be unable to use the audit log to work out which employee was compromised or what edits people have been making in the system, as they will all show as the same user.
Only grant users the privileges they need
If an employee account is compromised, the hacker can only do what the employee is able to. Employees can also manipulate your data, either deliberately or by accident. So by restricting employee privileges you can protect your business from employee activities, as well as minimise the impact of an individual account being hacked.
Preventing data exports
Rex has a privilege category - Data Exports - that lets you granularly control who can mass export data from the system. We recommend locking down access to this privilege on a strict as-needed basis.
If you want to investigate whether someone in your agency has conducted a data export, you can do so by navigating to Other Lists > Audit Logs and inserting "Export" into the "Operation" filter.
Read more about restricting user privileges here