We understand that your data is critical to your business. At Rex we use industry standard best practises to secure your data, but you have your own part to play in keeping your data safe. Some of the steps we take to secure the Rex platform include:
- Rex is hosted on the Google Cloud Platform, one of the most secure and reliable hosting providers available. Other notable companies that utilise Google Cloud include Macquarie Bank, Goldman Sachs, ANZ, NAB, Optus, PayPal and many more.
- We maintain regular off-site data backups
- We work with accredited third parties to conduct regular penetration testing, to ensure all our systems are protected from malicious actors
Despite the above security measures taken by us, the most effective way to avoid data loss is to keep your Rex account secure.
The majority of hacks and data breaches occur due to users using weak passwords, or using the same password in lots of places.
Use strong passwords
We recommend passwords at least 8 characters long, using uppercase letters, lowercase letters, numbers and symbols, to ensure they can’t be easily guessed by hackers.
Don’t reuse passwords on multiple sites
If you reuse the same password frequently, and another site where you’ve used that password gets hacked, then all your accounts could potentially be compromised. Check https://haveibeenpwned.com/ to see if your email has been compromised, and if so, you should seek to change all your passwords ASAP.
We recommend using a password manager such as 1Password to generate strong, unique passwords for all your online accounts.
Don’t share Rex user accounts
For simplicity, it can be tempting to allow employees to share the same user. Unfortunately if you do that, you expose your account to security risks. With employees sharing the same account, if 1 employee gets hacked, they all get hacked. In addition, you will be unable to use the audit log to work out which employee was compromised or what edits people have been making in the system, as they will all show as the same user.
Only grant users the privileges they need
If an employee account is hacked, the hacker can only do what the employee is able to. Employees can also manipulate your data, either deliberately or by accident. So by restricting employee privileges you can protect your business from employee activities, as well as minimise the impact of an individual account being hacked.
Preventing data exports
Rex has a privilege category - Data Exports - that lets you granularly control who can mass export data from the system. We recommend locking down access to this privilege on a strict as-needed basis.
If you want to investigate whether someone in your agency has conducted a data export, you can do so by navigating to Other Lists > Audit Logs and inserting "Export" into the "Operation" filter.
Read more about restricting user privileges here