At the moment, there seems to be a lot of uncertainty and ignorance about cybersecurity. Cybersecurity is a collection of guidelines, concepts and measures to protect personal data. As a software provider, security is Mopinion’s top priority. That’s why we sat down with Anwar Jebali, Head of Development at Mopinion, to tell us all about how we ensure that Mopinion is and continues to be a safe software for you.
Even before the pandemic, Mopinion was a dog-friendly workplace. However, since last year, we added a few guard dogs to our team.
What if one of our dogs nibbles through an important server cable? What if this is the server that stores most of our information?
“That would not be a problem! Because we have no data storage on site and our customer data is stored securely. We use Amazon Web Services for all our hosting purposes. AWS uses availability zones to make sure our data is always available. This means that the data is distributed across multiple servers inside a data centre. Alongside this, we create daily backups of our databases, which are saved in two different data centres. So even in the unlikely event of something happening in one data centre, we can easily switch to another.”
Then we’re glad that our office dogs continue to only pose a real threat to all our office snacks…
How do you make sure Mopinion is a safe software?
“We use a variety of tools, guidelines and processes to make sure our software is safe. Not only that, but we have put together secure development and engineering policies which our development teams adhere to, all according to our ISO 27001 certification. We have regular pen-tests done to evaluate possible security risks, and fix high and medium-priority issues as soon as possible. All our traffic from and to our servers is encrypted using special protocols. We also use different tools and software to do regular vulnerability scans.
Another important point is that we have internal security training for our development team to make sure their knowledge around security is always up-to-date.”
What are the risks, and how do we minimize them?
“Difficult question, because there are just so many risks involved. For instance, in the OWASP (an organization that keeps track of all vulnerabilities of web applications, with the aim of improving the security of applications and services on the World Wide Web) Top 10, the most common vulnerabilities for web applications are listed. This involves things like database injection, cross-site scripting and security misconfiguration.
These types of risks we manage through what I listed earlier: a secure development policy, up-to-date knowledge around possible security issues, regular pen-testing, etcetera.
Arguably the most important factor in cybersecurity is the people in your organization. Most security breaches are related to actions by employees inside the organization, where hackers gain access through techniques such as phishing. We prevent the possibility of these types of attacks by educating our employees on risks around cybersecurity, as well as by employing strict and clear policies around the access to data and systems. Data and systems are restricted on an ‘as needed’ basis, so only employees that require access are given access to specific parts of the system.”
What is a Pen-Test? Can you share some interesting facts about what we are doing?
“A penetration test is basically an authorized cyberattack on a system to evaluate the security of the system. The test is performed to identify vulnerabilities, such as potential for unauthorized parties to gain access to the system’s features and data. During a pen-test, a specialist will try to attack a system through various methods and tools. You can think of things like automated vulnerability scanners that scan for possible open ports and unrestricted endpoints, but also manually testing inputs for database injection possibilities and testing the security configuration of your servers.
The pen-test we have done includes both black box and grey box testing. Black box is a method where the tester has minimal knowledge about the application, e.g. just the domain, and tries to find possible vulnerabilities.
With grey box testing, the tester has an account and login information, as well as knowledge of the previous black box tests and information on the company. Using the information he has, he then tries to gain more privileges inside the application or find additional vulnerabilities. A combination of these tests ensures a well-rounded pen-test.”
Why is security so important for you?
“Security is so important for us because it represents the trust customers put in us. The trust that we handle their data with the utmost care.”
What happens to the customers’ data?
“All personally identifiable data is encrypted. There is absolutely no way to link feedback data to a person. We offer different options at Mopinion to anonymize data.”
Thanks, Anwar, for clarifying security guidelines and methods at Mopinion for us! We are happy to see that security is our Dev Team’s top priority.
Do you still have any questions regarding this topic, or are you still not convinced that Mopinion is what you’re missing in your business to make it thrive? Get in touch with us, read our security page or check our blog for more information.