At Virtual Academy, we take cybersecurity as seriously as our clients take public security.
When we discuss our technical solutions with our clients, the talk often turns to just how we fight cyber threats and secure customer data. We sat down recently with Virtual Academy IT Director Josh Potts to get the 411 on our cybersecurity efforts.
The key takeaway is that our solutions at Virtual Academy will always be available when you need them, and using Virtual Academy will never compromise the integrity of your IT assets or systems.
Q. How does Virtual Academy protect client data?
A. Virtual Academy uses industry-leading cloud services company Amazon Web Services and Microsoft SQL tools (an industry standard in database storage) to backup customer data in multiple places in the cloud. Also, all data is highly available and presented redundantly, so that if any virtual location that houses your data is unavailable, another is presented immediately. This way, a customer’s data is readily available when needed.
Only secure web traffic (from websites that use “HTTPS” in the address bar) is allowed to interact with Virtual Academy’s servers; all other non-secure communications are rejected. This means Virtual Academy only interacts with websites and Internet data that is deemed safe by third party certification.
All customer data is securely housed and accessed by our servers only for view solely by our clients. The servers themselves aren't public, they exist in a private location and are only accessible via secure browser (HTTPS) connection. In addition, remote access to Virtual Academy’s network is locked down to very few people, based on business needs.
Should any data become unavailable on Virtual Academy’s website, there are tested and documented procedures for your Virtual Academy support team to restore the data quickly, using secure cloud storage backups.
Q. Can being connected to Virtual Academy’s websites expose our clients’ IT systems to any harm from cyberattack?
A. No. Virtual Academy uses SSL (Secure Socket Layer) security certificate technology to secure our connection with clients. You can verify our use of SSL certificates when you see the padlock in the URL address bar in your browser. Virtual Academy invests in this encryption to hide information shared back and forth with our clients.
Using SSL is like using a security envelope to mail sensitive financial data. You wouldn’t send your sensitive financial data on the back of a postcard, right? So SSL serves a similar function by hiding the information and sharing it only with people you intend. Information protected using SSL means that information is always shared with an authenticated and verified recipient and the data remains hidden to all but the proper party.
We will also not send any sort of executable files or any emails requesting your login credentials. Should there ever be a need for your login information, your support team will contact you in person.
Q. Are Virtual Academy's technical solutions accredited or have they been certified in any way by any third party rating system?
A. Virtual Academy has taken initial steps to self-certify with security guidelines detailed by the National Institute of Standards and Technology, as defined by the NIST-800.53 standard.
This standard details how organizations should use best practices for IT asset management, regular risk assessments, IT process governance, supply chain risk management, identity and access management, continuous security monitoring, disaster recovery, and security awareness training.
Virtual Academy has already taken steps to follow best practices in all these areas, but has plans to achieve self-certification to the NIST-800.53 standards in the very near future.