Security

SECURITY

ReachLocal uses a multi-layered approach to protect our information and systems. We take information security seriously and employ administrative, technical and physical controls to protect data.

 

Application & Network Protection

  • Web application firewalls to minimize the threat vector posed by application-level attacks (such as SQL injection)
  • Network firewalls to only allow specific protocols access to a limited set of IP addresses for business applications
  • Network segmentation, including the use of Demilitarized Zone (DMZ) architecture

 

 

Security Management

  • Encrypted access to applications using Transport Layer Security (TLS)/Secure Socket Layer (SSL) using industry-standard 2048 bit key-length
  • Regularly scheduled network scans of environment for vulnerabilities using enterprise-grade network scanners
  • Configuration management software for core applications to ensure the right access and settings are in place
  • Frequent audits of user permissions to ensure the principle of least privilege is adhered to
  • Two Factor Authentication required for all staff, as well as to key internal servers and applications
  • Centralised logging to review, investigate and resolve issues
  • Host based intrusion detection (HIDS) to enable visibility into system changes
  • 3rd party application security firm to continuously test the security of our key web applications
  • Agile practices to incorporate security updates into releases
  • Consulting security advisories to monitor any vulnerabilities in technology stack
  • Routine maintenance performed monthly on key software and hardware to avoid any zero-day vulnerabilities

 

 

Availability & Disaster Recovery

  • On and offshore datacentres to minimise latency and provide recovery in the event of a catastrophe
  • Availability monitoring of services internally and externally (3rd party) with real-time notification of downtime
  • Application performance monitoring to ensure performance standards are met
  • Data replication between production & recovery site

 

 

Education & Training

  • Developers take specialised training in application security at least annually
  • Employees take at least annual information security awareness training, delivered in nine languages covering topics from phishing to mobile device security

 

 

Physical Security

  • Datacentre providers with SSAE 16 SOC compliance reports

 

 

Contacting Us

If you have any comments or questions regarding our security, please contact us at byteback@gannett.com.

 

Last updated on August 1, 2021