In a world where we increasingly rely on digital services not just in our personal lives, but in our professional lives too, the security of our data has never been more important. As your practice deals with clients' sensitive financial data, you’ll be aware of how important it is to make sure this data is well protected.
The good news is that we have an extremely diligent information security department here at FreeAgent, and we have a variety of stringent processes and measures in place to help protect both our Practice Partners and their clients’ data.
Here are just a few of the steps we take to keep our users’ data under a very secure virtual lock and key.
All information that passes between FreeAgent and our users’ computers is securely encrypted over HTTPS using TLS v1.2, which might sound like a lot of acronyms, but is the industry-standard best practice. We prioritise the strongest signing algorithms (called ‘SHA-256’) afforded by users’ browsers.
We also encrypt all the information we store on our users’ behalf. This includes data in our database and any files that our users upload. We enforce 256-bit AES encryption as standard, which is an extremely secure type of encryption.
We perform continuous automated assessments of all of FreeAgent’s systems to ensure that we adhere to industry-standard security best practices at all times. All access to FreeAgent’s underlying systems and data is protected through the use of unique credentials with two-factor authentication. Everything is logged and reviewed through an immutable, centralised audit trail.
Our staff are vetted prior to employment by our internal People Operations department. Checks include proof of identity, proof of right to work, proof of residency and proof of activity. We also maintain a suite of internal information security policies, procedures and guidelines, including incident response plans, which all staff, contractors and third parties must follow. These are reviewed at least annually.
In addition to this, FreeAgent staff access customer data on an ‘as-needed’ basis only, and only when approved by the customer (i.e. as part of a support ticket), or by operational staff to provide necessary support and maintenance. All employees must sign confidentiality agreements, attest to following FreeAgent policies and guidelines, and follow an online monthly security training and awareness programme.
It might sound strange when talking about protecting data in the cloud, but our services are ultimately underpinned by secure brick-and-mortar data centres. We use a number of these data centres across Ireland, located in multiple zones to guard against the risk of localised physical failure. These data centres meet the strictest security standards, including ISO 27001, 27017 and 27018 certification, and comply with the EU General Data Protection Regulation (GDPR), something that you might have come across in your practice.
And a little extra
FreeAgent has also worked hard to become Cyber Essentials Plus certified. This gives us an extra level of external, independent assurance that we’re doing the right things to help protect our systems and services.
Actions you can take to be secure online
Although FreeAgent does a lot to protect our users’ data, we strongly recommend that all of our users practise good cyber security too. Make sure your staff and clients are using (and not sharing!) strong passwords. A password manager like LastPass or 1Password can help with this. Encourage the use of 2-Step Verification for all internet systems you use, if and where possible. Also, make sure to keep your systems and software up-to-date with the latest security updates.
Finally, always be on the lookout for phishing emails. Check the sender and check the URL of any embedded links. Do they look right to you? Were you expecting this email in the first place?
We hope that these stringent security processes help assure you that FreeAgent treats data security with the utmost care and attention. Find out even more about our security measures here.