Cybersecurity at Acupay

A 50% increase in cyberattack attempts on companies from 2020-21 made this year’s Cybersecurity month particularly poignant. The leading threats include social engineering, ransomware attacks, and software supply chain attacks.

Cybersecurity is a high priority for Acupay and there are multiple elements to the Acupay security strategy, including application, data, network, end-user, operational, and infrastructure security. Each element requires protection, but Acupay does not possess all the required skills to manage its protection in-house. As a result, Acupay utilises cloud providers, service vendors, third-party software, and employee training to deploy the security concepts of layered vigilance, readiness, and resilience.

The layered vigilance includes intelligence and surveillance to ensure visibility into the environment. Significant monitoring, vulnerability testing, and penetration testing are done both internally and externally to identify vulnerabilities, threats, and possible breaches. Vigilance also includes employee training, utilising threat intelligence, and performing risk reviews of partners and suppliers.

Readiness is about operational capabilities, structural security, and interdiction. This includes having a technology infrastructure that is built with security as a primary requirement. Acupay is hosted in AWS in a virtual private cloud for security while going through architectural reviews and security monitoring. The flexibility of hosting in AWS also allows the technology to be easily updated, keeping it current and properly configured, and these are primary tenets of good security.

The third layer is resilience through incidence response, mitigation, and recovery. This layer allows a company to respond to a suspected cybersecurity breach. Acupay maintains an incident response plan, a disaster recovery plan, significant technology redundancy, backups, and recovery processes for this purpose.

The final piece of the puzzle is cybersecurity insurance. This provides for an external incident response team to help navigate the complexities of client communications, forensics, regulations, and recovery operations.

All these pieces come together to provide layered security for the information that Acupay manages for its customers and users.