How FreeAgent protects your clients’ data
In a world where we increasingly rely on digital services not just in our personal lives, but in our professional lives too, the security of our data has never been more important. As your practice deals with clients' sensitive financial data, you’ll be aware of how important it is to make sure this data is well protected.
The good news is that we have an extremely diligent information security department here at FreeAgent, and we have a variety of stringent processes and measures in place to help protect both your and your clients’ data.
Here are just a few of the steps we take to keep your data under a very secure virtual lock and key.
Data encryption
All information that passes between FreeAgent and your computer is securely encrypted over HTTPS using TLS v1.2, which might sound like a lot of acronyms, but is the industry-standard best practice. We prioritise the strongest signing algorithms (called ‘SHA 256’) afforded by your browser.
We also encrypt all the information we store on your behalf. This includes data in our database and any files that you or your clients upload. We enforce 256-bit AES encryption as standard, which is an extremely secure type of encryption.
Preventing vulnerabilities
We perform continuous automated assessments of all of FreeAgent’s systems to ensure that we adhere to industry-standard security best practices at all times. All access to FreeAgent’s underlying systems and data is protected through the use of unique credentials with two-factor authentication. Everything is logged and reviewed through an immutable, centralised audit trail.
People processes
Our staff are vetted prior to employment by our internal People Operations department. Checks include proof of identity, proof of right to work, proof of residency and proof of activity. We also maintain a suite of internal information security policies, procedures and guidelines, including incident response plans, which all staff, contractors and third parties must follow. These are reviewed at least annually.
In addition to this, FreeAgent staff access customer data on an ‘as-needed’-only basis, and only when approved by the customer (i.e. as part of a support ticket), or by operational staff to provide necessary support and maintenance. All employees must sign confidentiality agreements, attest to following FreeAgent policies and guidelines and follow an online monthly security training and awareness programme.
Physical security
It might sound strange when talking about protecting data in the cloud, but our services are ultimately underpinned by secure brick-and-mortar data centres. We use a number of these data centres across Ireland, located in multiple zones to guard against the risk of localised physical failure. These data centres meet the strictest security standards, including ISO 27001, 27017 and 27018 certification, and comply with the EU General Data Protection Regulation (GDPR), something that you might have come across in your practice.
And a little extra
FreeAgent has also worked hard to become Cyber Essentials Plus certified. This gives us an extra level of external, independent assurance that we’re doing the right things to help protect our systems and services.
Actions you can take to be secure online
Although FreeAgent does a lot to protect the data you and clients store in our software, it’s important that you too maintain good cyber security. Make sure your staff and clients are using (and not sharing!) strong passwords. A password manager like LastPass or 1Password can help with this. Encourage the use of 2-Step Verification, not just for your FreeAgent accounts, but for all internet systems you use, if and where possible. Also, make sure to keep your systems and software up-to-date with the latest security updates.
Finally, always be on the lookout for phishing emails. Check the sender and check the URL of any embedded links. Do they look right to you? Were you expecting this email in the first place?
We hope that these stringent security processes help assure you that FreeAgent treats the security of your data with the utmost care and attention. You can find out even more about our security measures here.