Keeping your important data safe at Moraware


When we’re talking to our customers or countertop fabricators who are considering using our scheduling or quoting software, sometimes we get questions about how we protect ourselves (and you) against catastrophes or hacking attempts.

We care a ton about making sure Systemize and CounterGo are running smoothly, so we put a lot of time, money, and effort into our infrastructure.

So, what does that mean? How are we protecting against hackers, viruses, and other scary stuff on the internet? Well…

We follow industry best practices. Most of it is pretty boring to talk about, but… We use HTTPS (HTTP over SSL) – that means every web page you access is protected with the same encryption that you use when you do online banking. We encrypt all passwords, which means that neither your admins nor Moraware support can tell you what your passwords are.

We monitor for intrusions. You’d be surprised (well, maybe not) by how much shady-looking traffic we notice on our servers that’s probing us for vulnerabilities. We apply all operating system and web server patches immediately. We have a team of developers who evaluate security issues every day and do whatever it takes to prevent issues.

Want to get even more into the weeds? One of the big ways to make sure we’re secure is having good systems in place that allow us to recover from a catastrophe. Here’s more info on our servers. In addition to periodic security audits from outside experts, you might also like the fact that we use multiple top-tier data centers. They all have a bunch of certifications including SOC 3 SSAE 16, Privacy Shield, PCI, GDPR… say that fast 3 times.

So what’s the biggest threat we’re worried about? You!

If you don’t want to open yourself up to hacking, here are a few really good security practices.

  1. Hire employees you trust. This is the number-one place where you’re exposing yourself to security risk. If you hire employees you trust, your whole business will run smoother anyway… just do it.
  2. Don’t share users. We charge per user, so it might be tempting to share users. In addition to being way less secure, your users will have a less personal experience when they share.
  3. Use good passwords. Don’t make your passwords blank or trivial, don’t re-use passwords in multiple places, and don’t share passwords. You should probably consider using a password manager. At Moraware, we use 1password.com, and it really helps us with good password policies on our computers and mobile devices.
  4. Restrict user roles. Instead of making all users admins, you should be restrictive in what users can do. In both CounterGo and Systemize you can customize roles to give the right people access to everything they need to do their job.

Interested in checking out our super secure, super safe software for countertop fabricators? Schedule some time to talk with our sales team below!

2 thoughts on “Keeping your important data safe at Moraware”

  1. Flav

    It’s awesome to see you guys care so much about the security of our data. As you correctly pointed out, the greatest threat and easiest attack vector is via unauthorized login. It is nearly impossible to detect password reuse and I’m willing to bet at least half my users are reusing passwords or using some variation of an existing password in Moraware.

    According to Privacy Rights Clearinghouse there have been 9693 data breaches since 2005. That is close to 2 per day. Chances are pretty good that a combination of your email and password is in some website data breach. A good start would be to search for yourself at haveibeenpwned.com.

    But there is light at the end of the tunnel! The easiest way to protect yourself against unauthorized login is to use multi-factor authentication. Personally I am a huge fan of U2F security keys since they protect against phishing attempts and are very user-friendly. Fun fact – Google offers at no extra cost U2F security key support in Gmail and the business-oriented G Suite product! U2F on mobile is still in its infancy but most providers have allowed the use of backup codes or TOTP in lieu of U2F in their mobile versions of their app.

    So Harry, how long before you do something about this greatest threat that you are worried about and implement multi-factor authentication for your customers? According to Microsoft, MFA would block over 99.9% of attacks on accounts. Isn’t that something worth fighting for?

    1. Katherine Gifford

      Hi Flav, that’s a great feature request! I believe Harry has spoken to you regarding this over email. I hope you two have had time to talk more about it. Thanks again!
