Security Policy
1. Introduction
At Website Wannabe, we prioritize security to protect our customers’ data, websites and accounts, our company servers and related company infrastructure. This Security Policy incorporates compliance with key regulatory frameworks and industry best practices, while emphasizing support team protocols and server security.
2. Regulatory Compliance
Other Regulations:
- We adhere to applicable data privacy laws in regions where we operate, and HIPAA (Health Insurance Portability and Accountability Act) for applicable services.
3. Support Team Security Protocols
Access Control and Training:
- Website Wannabe team access to various infrastructure is granted on a need-to-know basis and regularly reviewed.
- Support team members receive training on cybersecurity threats and best practices.
Identity Verification:
- Support tickets involving sensitive changes require multifactor authentication for confirmation and written notice to execute.
Incident Management:
- All security incidents are logged, investigated, and reported to relevant authorities or affected parties as required.
4. Server Security Measures
Server Infrastructure Security:
- All our servers are leased by Liquid Web and governed by their policies.
Regular Security Audits:
- Vulnerability scans are performed monthly, with immediate remediation for critical issues.
- Malware scans are performed daily.
- Intrusion detection is run continuously.
Data Retention and Disposal:
- Customer backups are performed using Acronis and are encrypted. These backups are kept for a rolling 12 months for current customers and are kept for 90 days after account termination.
Incident Response Plan:
- Any incident detected or reported is immediately investigated by our support team. By default, the results of the investigation are shared with any affected customer.
5. Customer Security Expectations
Shared Responsibility Model:
- While Website Wannabe ensures server and infrastructure security, customers are responsible for securing their applications, accounts, website and content.
- Customers are responsible for providing immediate notice to Website Wannabe of any compromised accounts that are connected or expected to be connected to our servers.
- Website Wannabe users are required on every account to maintain the security protocols; removing or attempting to remove any Website Wannabe user is prohibited.
- Any customer who has been compromised via a phishing or malware attack is required to have at least one team member take our annual cybersecurity training.
Recommended Practices:
- Use strong passwords and enable multi-factor authentication (MFA).
- Avoid uploading or hosting sensitive data unless proper encryption and access controls are in place.
6. Policy Updates
Continuous Improvement:
- Website Wannabe continuously reviews and updates this Security Policy to adapt to evolving security threats and regulatory requirements.
- Policy updates will be communicated via email and published on our website.
Customer Notifications:
- Any changes impacting customer responsibilities will be clearly communicated with no notice.
7. Contact Information
For questions about this policy or to report a security issue:
- Email: support@websitewannabe.com
- Phone: 267-500-2928