Data Security Policy Case Study: Matrix Group International
Matrix Group International's data security policy emphasizes strong passwords and a cautious approach to installing third-party applications.
Editor’s note: Below is a copy of the data security policy for Matrix Group International, published verbatim with minor edits.
At Matrix Group, security of your website, systems, and data is our utmost concern. We implement industry best practices to ensure that your data is secure as it travels across the internet and as it rests within our hosting environment. We need your help. The safety and security of any system is only as secure as its weakest link. To that end, you agree to work cooperatively with Matrix Group to train your staff on security policies and abide by the following security guidelines.
You will use a secure password manager to keep track of your passwords. Passwords will not be stored unencrypted and without password protection.
You and your staff will select strong passwords that:
* do not consist solely of English words
* contain letters, numbers, and characters
* have at least 8 characters
You will use care when accessing your Matrix-hosted systems from public terminals. Whenever possible, you will use a VPN to connect to systems that contain confidential or sensitive information. You will log out of all systems when completing your session.
You will not store credit card information once the initial transaction is complete. You will not store credit card information for the sole purpose of possibly issuing additional charges, credits, or refunds and instead rely on your payment gateway to process refunds.
You will not store sensitive information in text or comments fields. Sensitive information includes credit card numbers, Social Security numbers, date of birth, or personal health information.
You will maintain up-to-date antivirus software on all systems that connect to Matrix-hosted systems.
You will not knowingly upload programs or files that contain malicious code, including trojans, viruses, and worms.
You will exercise caution when installing programs, code, or plugins to your website, applications, and content management systems. Whenever possible, you will check for security vulnerabilities or verify with Matrix Group that a specific program or code does not contain known security vulnerabilities.
You agree to report any suspicious activity or possible breaches to your Matrix-hosted system or systems that connect to Matrix-hosted systems. You can submit a work request or contact your project manager, a member of the Matrix Group IT team, or a member of Matrix Group senior staff.