Information Security and Data Transfer

Security and Privacy

FileMatching.com provides data processing services to organisations around the world. As part of our service offerings we perform a number of different technical operations that use customer information (names, addresses, other identifiers) for individuals and businesses provided to us by our Clients. Accordingly, we adhere to the highest level of privacy protection and data security practices, and we work closely with our Clients, staff, and suppliers to ensure that all parties understand their responsibilities with respect to our privacy guidelines.

We do not own data and only act as a data processor. As such, we process our clients’ information according to the terms and conditions of their contract. We do not share this information with outside parties and we do not disclose or sell personal information to third parties.

The FileMatching.com privacy policy has been established to protect the privacy and confidentiality of personal information, regardless of how it is collected or stored. To ensure best privacy practices we have established the following Privacy Principles.


Security of Physical and Technical Environment

FileMatching.com is extremely sensitive to information technology security concerns, and uses a continuous improvement process to ensure customer data is received, stored, and processed in a fully secure physical and computing environment.

Our FileMatching.com website uses an SSL certificate.

File Transfer Using SSL certificate and HTTPS

We have recently moved to Dropbox as our file transfer service. They are experts in the secure transfer of files and have a dedicated security team using the best tools and engineering practices available to build and maintain Dropbox.

  • Dropbox files at rest are encrypted using 256-bit Advanced Encryption Standard (AES).
  • Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between Dropbox apps and our servers; it’s designed to create a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.
  • Dropbox applications and infrastructure are regularly tested for security vulnerabilities and hardened to enhance security and protect against attacks.
  • We have 2-step verification turned on for our account.

We only provide our Dropbox details when we have fully agreed and signed a contract for services.

 

File Encryption

Although we use Dropbox for file transfers to and from our server we still recommend that all clients encrypt their data first.

If you don’t already have encryption software installed you could consider some of the following options:

  • 7-Zip – Completely free archive utility that supports 256-bit Advanced Encryption Standard (AES) encryption
  • WinZip – Supports AES encryption in two different strengths: 128-bit AES and 256-bit AES. 256-bit encryption is better.
    • Note: Please try to stay away from legacy Zip 2.0 encryption, which is known to be relatively weak.
  • WinRAR – Archive utility that supports 256-bit (AES) encryption

PGP encryption

Pretty Good Privacy (PGP) encryption is our preferred encryption technique and is considered to be one of the best techniques available.
With PGP, two parties swap public encryption keys with each other. Party A encrypts their data with the public key from Party B, and at that point only Party B can decrypt the file, using their private key and their pass phrase. Similarly, if Party B wants to send Party A some encrypted data, they encrypt it with Party A’s public key. The Public Key for FileMatching.com is displayed in green text below. Use this key to encrypt data that you send to us.

Our Public Encryption Key is displayed below:


GnuPG (GNU Privacy Guard) is a complete and free implementation of the OpenPGP standard.

Once you have downloaded the software you can generate your key pair (both private and public keys). We will use your public key to encrypt and send you information. You will use our public key to encrypt and send us data. This process will mean that your data is 100% protected for the entire time that it is either in transit to us or being processed on our servers (offline).

If you need help installing this software or require a better understanding of this process please call us, we will be happy to help.
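The sending side of the exchange described above, as an added example that is not FileMatching.com's own procedure: it checks the fingerprint of a received public key file against a value confirmed through a separate channel before importing it, then encrypts a file to that key. It goes slightly beyond the text by adding the fingerprint check; the file names and the expected fingerprint are placeholders supplied by the caller, and GnuPG 2.2 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example: encrypt a file to a recipient's OpenPGP public key with GnuPG 2.2+.
# File names and the fingerprint argument are placeholders supplied by the caller.
set -eu

# Print the primary-key fingerprint of an exported key file WITHOUT importing it,
# so it can be compared with the value the recipient confirms by phone or in person.
key_fingerprint() {
    gpg --batch --with-colons --show-keys "$1" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# usage: encrypt_for <keyfile> <expected-fingerprint> <plaintext> <output>
# <expected-fingerprint> is 40 hex digits, upper-case, no spaces.
encrypt_for() {
    keyfile=$1; expected=$2; plaintext=$3; output=$4
    actual=$(key_fingerprint "$keyfile")
    # Refuse to import or encrypt if the key file is not the key we were told about.
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: key file has '$actual'" >&2
        return 1
    fi
    gpg --batch --quiet --import "$keyfile"
    # --trust-model always is acceptable here only because the fingerprint
    # was verified above; the recipient is selected by full fingerprint.
    gpg --batch --yes --trust-model always --recipient "$expected" \
        --output "$output" --encrypt "$plaintext"
}

# Run as: ./encrypt_for.sh recipient.asc <FINGERPRINT> customers.csv customers.csv.gpg
if [ "$#" -eq 4 ]; then
    encrypt_for "$@"
fi
```

Only the holder of the matching private key can decrypt the output file, so it can be uploaded without sending any password alongside it.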

Importance of a Strong Password

To have good data security you need a strong encryption technique coupled with a strong password. The strength of a password depends on factors such as its length and composition. You should aim to use upper and lower case letters, numbers and special characters in your password. Stay away from words that can be found in the dictionary. Security also depends on the measures you take to ensure that your password is not disclosed to unauthorized third parties. Always try to send the password using a different means to the file (e.g. if using the file transfer portal to send your file then send an email to advise of the password). If using PGP encryption please ensure that you properly protect your private key (private pass phrase).

Processing Data

At FileMatching.com your data is actually processed in an offline environment, meaning that the data is not available to anyone on the internet. Once it has been securely received it is downloaded and deleted from our online server and transferred to a secure Local Area Network (LAN) for processing. This LAN is a collection of 4 dedicated servers that contain the same environment and code libraries to securely analyse multiple concurrent files. Our LAN is offline; it is not accessible over the internet. Only at the end of processing do we upload the results of the analysis, which will normally be unidentifiable customer keys rather than customer information (depending upon client requirements): just enough for you to identify your problem records without having to import the full dataset.

Data Destruction

At the end of processing your data, FileMatching.com will destroy all copies of the data. When we process your data on our servers we have 2 solid state hard drives per system. Our primary drive contains the operating system and database management software. The second hard drive is used to store the file(s), data and tables associated with your customer data. The reason for Solid State Hard Drives (SSHDs) is twofold:

  1. Firstly, SSHDs provide fantastic performance for the read/write routines required by the database.
  2. Secondly, having 2 drives allows us to maintain all of your information in a single location. Normally when you try to delete a file from a computer the data is not actually removed; it is only marked as ‘deleted’, and certain software can undo this deletion and recover the file. Once your job is finished we completely rewrite the secondary drive that stored all aspects of your customer data. We use the clean all command (secure erase) to do this. The clean all command is part of the Windows operating system and ensures that each and every disk sector on the hard drive is overwritten and zeroed out completely. Running this command helps prevent the data from ever being recovered.