Security Awareness

OVERVIEW

ChannelEngine facilitates multi-channel selling, streamlines operations and helps our partners maximize their online sales. It is essential for our business partners to use the ChannelEngine application securely while it is integrated with various e-commerce platforms via API. To achieve the security goals of confidentiality of information and integrity of data shared between communicating platforms, the following measures should be implemented:

ACCOUNT SECURITY
 To secure accounts created on ChannelEngine tenants, the following measures are recommended:
  • Create and enforce strong, unique passwords for accounts on their tenants.
  • Keep authentication credentials, e.g. passwords and API keys, secret.
  • Enable two-factor authentication or single sign-on for an added layer of security.
  • Use service accounts with elevated rights to perform administrative operations.

USER ACCESS AND PERMISSION
To manage the access provided to users accessing the ChannelEngine tenants, the following measures are recommended:
  • Regularly review access rights and permissions accorded to users.

SECURE INTEGRATION
To establish a secure API connection with the ChannelEngine application, the following measures are recommended:
  • Establish secure API connections using HTTP over SSL/HTTPS for encrypted data transmission and authentication.
  • Limit the permissions of API keys.
  • Use up-to-date protocols and avoid the use of deprecated protocols.
  • Check testing flows and compare them to ChannelEngine’s standard test flow.

DATA PROTECTION
To secure data in transit and at rest, the following measure is recommended:
  • Encrypt data at rest and in transit.
ChannelEngine provides data protection by anonymizing customer order data in line with GDPR requirements.

SECURE COMMUNICATION
  • Seek support using secure channels, for instance by raising support tickets using the online support form.
  • Use secure channels to share authentication credentials with the support team.

SOFTWARE UPDATES AND PATCHES
To ensure that identified weaknesses and vulnerabilities are addressed in a timely manner, the following measures are recommended:
  • Regularly check for patches and releases provided by various vendors for products in use.
  • Install patches and updates in a timely manner.

REPORTING AND INCIDENT RESPONSE
Our clients are encouraged to promptly report any security incidents, bugs or suspicious activity while using the application.

MONITORING AND ALERTING
To ensure that risky events and security incidents are identified and treated, the following measures are recommended:
  • Set up monitoring and alerting mechanisms to detect any suspicious or unauthorized activities.
  • Monitor essential indicators of compromise including API usage, data transfers, account creation and system logs.

AWARENESS AND TRAINING
To ensure that customer employees are informed on security best practices, the following measures are recommended:
  • Training on identification of phishing attempts.
  • Training on secure sharing of credentials and secure authentication practices.