You'll naturally want to keep your data safe and secure. Not only for your own sake, but also due to regulation, such as the GDPR (General Data Protection Regulation) and for the integrity of the contacts and users in your database.
As in all cases, the whole is just as strong as its weakest link.
Luckily, everything is made certain to apply all best-practices when it comes to security to your Otto-system. It means e.g.:
- We keep the software and all sub-systems up to date and adhere to updates on security flaws on the market.
- We have breach intrusion protection systems in place.
- SQL Injection shouldn't be possible.
- XSS shouldn't be possible.
- Passwords are always stored as encrypted values.
- https is standard.
- If one account would be reached by unwanted parties, they can only affect that one, and no other clients or other backend systems.
We also follow best-practice when it comes to report any known breach to the proper authorities. As a Swedish company, this primarily means reporting to The Swedish Data Protection Authority (https://www.datainspektionen.se)
Your own responsibility
Obviously, you want the key to your own door, but never lose it to someone else. This means you will have to make sure also yourself that the password(s) you and your users use to:
- reach Otto, and
- reach your emails on the included Otto E-mail server
... will be as complex as possible and therfore difficult to breach. And obviously, no one should get hold of them either.
You will also need to inform us immediately if you think a breach has been made, and/or if you want help to alter all your existing passwords.
