At Wunderite, we are committed to implementing robust security measures to safeguard our systems and infrastructure. Security is ingrained in our company culture, and we continuously invest time, thought, and resources to ensure the highest level of security for our customers. By utilizing Wunderite, insurance agencies can enhance their overall security posture while improving productivity.
At Wunderite, we understand the critical importance of security in the SaaS industry. We recognize the trust you place in us when using our platform, and we are dedicated to maintaining the utmost security standards to protect your data.
B. Data Security
At Wunderite, we have implemented various security controls to protect your data:
- Whitelisting: We employ whitelisting services to restrict software communication to only authorized servers, minimizing the risk of unauthorized access.
- Database Encryption: Sensitive data stored in our database is encrypted at rest. Additionally, we utilize application-level encryption with AES-256 to further secure sensitive customer information.
C. Infrastructure Security
Wunderite maintains a robust infrastructure with a focus on security. Key security measures include:
- High Availability: Our core platform design incorporates multiple production servers and database servers to minimize downtime in the event of a service failure.
- Transport Layer Security (TLS)/Secure Sockets Layer (SSL): We require all connections to our website to be made over HTTPS, with a minimum version of TLS 1.2, ensuring that all internet traffic is encrypted for data protection during transit.
- Patch Management: To ensure that our infrastructure remains up-to-date and protected against known vulnerabilities, we conduct weekly scans on our production systems. These checks help us identify any missing patches or updates, allowing us to promptly apply them and ensure that our systems are hardened.
- Public Key Cryptography and Hashing Algorithms: We utilize these cryptographic techniques to digitally sign critical data, ensuring data integrity and detecting any unauthorized modifications.
- DMARC for email spoofing: DMARC (Domain-based Message Authentication, Reporting, and Conformance) is utilized to combat email spoofing, a common technique used in phishing campaigns. DMARC verifies the authenticity of email messages, protecting users from fraudulent emails and enhancing our overall email security.
- SSH Key Authentication: SSH key authentication is enforced for server access, disabling passwords to further harden our security.
- Automatic Security Updates: Security updates are automatically installed on all our cloud servers, ensuring our systems are always up to date and protected against known vulnerabilities.
- System Logging and Monitoring: Robust system logging and monitoring is implemented for remote server access, allowing us to track and analyze system activities, detect anomalies, and respond to potential security incidents proactively.
D. User Account Security
To provide enhanced security and protection, we implement the following measures:
- Two-Factor Authentication (2FA) for Customers: Two-factor authentication is available to our customers, adding an extra layer of security to prevent unauthorized access to customer accounts.
- Failed Login Throttling: To protect agent and customer accounts, our live website employs failed login throttling. After five unsuccessful login attempts, the account is temporarily locked to prevent brute force attacks.
- reCaptcha: Advanced risk analysis and adaptive challenges with reCaptcha are implemented to protect against malicious software and ensure secure interactions with our website.
- User Activity Logs: Our application maintains comprehensive user activity logs that capture any data changes made within user accounts. These logs provide a detailed record of account activity, including modifications to sensitive information or critical settings.
- Granular Permissions: Our application enables agents to set granular permissions
- if desired when collaborating with customers.
E. Network Security
Wunderite maintains a secure network environment by implementing the following safeguards:
- Distributed Denial of Service (DDoS) Mitigation: Our network infrastructure includes DDoS mitigation measures to filter out malicious traffic associated with DDoS attacks, ensuring uninterrupted access to our website and web-based services for legitimate users.
- Web Application Firewall (WAF): To protect our web-facing servers and applications, we have implemented a web application firewall that inspects and blocks harmful requests and malicious internet traffic.
- Weekly Network Vulnerability Scans: Regular network vulnerability scans are conducted on a weekly basis. These scans help us identify network changes and address potential vulnerabilities within our network infrastructure promptly, ensuring that our systems remain secure.
- Firewall Configuration: Strict firewall rules are maintained to protect our network. Only the minimum required ports are opened in the firewall to prevent unauthorized access. Additionally, we carefully manage public access to services, implementing necessary restrictions to limit exposure and maintain a secure environment.
F. Ongoing Security Practices
- At Wunderite, we prioritize ongoing security practices and ensure the following:
- Security Updates: All our cloud servers receive automatic security updates to keep our systems protected against the latest vulnerabilities.
- Regular Backups: We perform regular backups of our database and uploaded files, ensuring point-in-time recovery options are available.
- System Logging and Monitoring: Comprehensive system logging and monitoring has been implemented to track any remote server access and detect and respond to potential security incidents promptly.
G. Employee Security Measures
We understand that security is a collective effort, which is why we have implemented the following security measures for our employees:
- Multi-Factor Authentication (MFA) for Employees: Wunderite employees are required to use multi-factor authentication when remotely logging into our systems, providing an additional layer of security through multiple authentication methods.
- Annual Cybersecurity Training: All employees at Wunderite undergo comprehensive annual cybersecurity training to stay updated on the latest threats and best practices. This ensures that our team is well-equipped to handle security challenges effectively.
- Password Manager Usage: As part of our security best practices, all employees are required to use password managers to securely store and manage their credentials, minimizing the risk of password-related vulnerabilities.
- Managed Employee Computers: Our employees’ computers are managed through a Mobile Device Management (MDM) system. Full disk encryption, screen lock, and anti-malware software is enforced to protect against unauthorized access and potential security threats.
- Employee Background Checks: Prior to hiring, all employees undergo thorough background checks to ensure that we maintain a trustworthy and secure workforce.
- Only US based team members on a need to know basis have access to any production data.
- DNS Filtering: DNS filtering is employed to block access to known malicious domains, further protecting our employees and systems from potential threats.
H. Code Security
At Wunderite, we prioritize the security and integrity of our codebase. We employ a range of measures to ensure the robustness and reliability of our code, including:
- Code Review Processes: All code changes undergo a thorough review process before being merged into our codebase, and have clear attribution of the author of the changes. Each change must receive approvals from at least two experienced developers through our code review process, in addition to a QA Engineer. This ensures that code modifications are carefully examined, potential issues are identified, and best practices are followed.
- Quality Assurance Testing: A dedicated team of Quality Assurance professionals conduct comprehensive testing on our software. This includes functional testing, integration testing, and regression testing to verify the behavior and performance of our applications. Through meticulous testing, we aim to identify and address any defects or anomalies before our software reaches production.
- Static Analysis: Static analysis tools are utilized to perform automated code scans. These tools analyze our codebase, identify potential issues, and provide valuable insights into code quality and security.
- Automated Test Coverage: We maintain a rigorous approach to testing our code. Automated test suites are implemented to achieve high test coverage, ensuring that critical functionality is thoroughly tested and any issues are promptly identified.
- Dependabot: Dependabot is an automated dependency management tool we use to keep our software dependencies up to date. Dependabot regularly scans our codebase, identifies outdated or vulnerable dependencies, and generates automated pull requests to update them to the latest secure versions.
- Code Security Scanners in CI Pipeline: Code security scanners are integrated directly into our continuous integration (CI) pipeline. These scanners automatically analyze the code during the build process, checking for common known security vulnerabilities or coding best practice violations.
I. Compliance and Certifications
Wunderite is dedicated to maintaining compliance with industry standards and regulations to safeguard your data. We are currently in the process of establishing a SOC 2 program and anticipate achieving SOC 2 certification by the end of the year 2023. SOC 2 (Service Organization Control 2) is a widely recognized security standard that demonstrates our commitment to implementing effective controls and safeguards.
If you have any specific questions about our compliance or certification efforts, please do not hesitate to reach out to our team for more information.
J. Physical Security
Although we do not run our own data centers, we rely on trusted cloud computing providers to host our systems. In particular, we utilize DigitalOcean (a public cloud computing company) as our cloud computing provider, which maintains robust physical security practices. DigitalOcean has implemented stringent measures to ensure the physical security of their data centers, including, but not limited to:
- Access Controls: DigitalOcean employs strict access controls to their data centers, limiting physical access only to authorized personnel. These controls include the use of key cards, biometric authentication, and video surveillance systems.
- Perimeter Security: The data centers are protected by perimeter security measures, such as fencing, barriers, and 24/7 security personnel to prevent unauthorized access.
- Redundancy and Resilience: DigitalOcean’s data centers are designed with redundancy and resilience in mind, ensuring continuous operation even in the event of power outages or other disruptions.
- Compliance and Certifications: DigitalOcean maintains various physical security certifications and compliance standards to demonstrate their commitment to physical access security.
K. Customer Support and Incident Response
At Wunderite, we value open communication and transparency. If you have any security concerns or need to report a vulnerability, please reach out to our security team. We have established response timeframes and communication protocols to ensure efficient handling of security reports.
L. Third-Party Security
Wunderite understands the importance of third-party security in maintaining the overall security of our platform. We follow a comprehensive evaluation and vetting process for third-party vendors to ensure they meet our stringent security requirements. Regular security assessments and due diligence are performed to minimize potential risks associated with third-party integrations.
Last Updated: May 31, 2023