CaseBox security considerations, is CaseBox safe?
Casebox was designed to hold sensitive information on human rights cases. We have done our best to provide users with the convenience of an online platform while protecting against the dangers that come when data is stored online.
- Casebox is an open source application, published under a GPL license, and its codebase is open to external review.
- Casebox source code was audited by two separate security companies (full code review and follow-up review) and HURIDOCS will continue to invest in annual audits (penetration testing and code review for new features). We have shared the results of these audits in our HURIDOCS blog.
- Casebox allows you to choose between two methods of two-factor authentication: Google Authenticator or Yubikeys. Two-factor authentication provides you with a second password valid for a given session, and is the best protection against spyware on your computer that may have harvested your login and password.
- Casebox logs user actions, so systems administrators can detect suspicious usage patterns such as failed logins.
- With Casebox, you control where your data is stored. Unlike syncing applications such as Box or Dropbox, your data is stored inside the Casebox server and is not sloshing around on multiple employee computers, which are beyond your control and may be compromised.
- HURIDOCS has put together a strong hosting package, which includes an encrypted hard drive, SSL encryption of communications, log auditing, daily offline backups, and a Swiss datacentre protected by Swiss laws on data privacy.
- Ultimately, a lot of vulnerabilities come from how you and your staff handle security.
- Your PCs may be compromised, meaning they may be monitored by a third party. Make sure you are running licensed operating systems, so that you can benefit from the latest patches and updates. Make sure you run an antivirus program regularly.
- Casebox comes with two-factor authentication (Google Authenticator or Yubikey). Use it! Make sure all your staff use it. It will protect you against keyloggers that can harvest your login and password.
- Invest some time to analyse what your sensitive information is, the most likely threats or risks that you face with regard to information security, and what steps you can take to reach a higher level of protection.
- HURIDOCS consulting ensures that clients know the essential good practices to keep their data safe, whether online or offline.