CrewCard

Security

CrewCard has multiple safeguards in place to protect your personal information. From SSL certificates and firewalls to Encryption at Rest and Multi-Factor Authentication, CrewCard goes to great lengths to keep your information protected.

SSL Certificate

CrewCard secures its website with an SSL (Secure Sockets Layer) certificate. The secure connection is shown by the padlock icon and the “https://” in the URL. The SSL certificate guarantees the overall security and encryption of the entire CrewCard website and its associated platforms. This encryption safeguards the confidentiality of all data transmitted between the web server and the user’s browser, enhancing the privacy and integrity of the information exchanged.

Encryption at Rest

In addition to its SSL/TLS implementation, CrewCard fortifies its data security measures with Encryption at Rest at the hosting level. This form of encryption serves as an extra layer of protection for data stored on disks, including solid-state drives (SSDs) and backup media. By employing advanced cryptographic algorithms, CrewCard ensures that even in the unlikely event of physical theft of the server’s hard drives, unauthorised access to the data remains virtually impossible. The Encryption at Rest mechanism acts as a robust safeguard, maintaining the confidentiality and integrity of sensitive information throughout its storage lifecycle.

Single Touch Payroll

As an accredited STP provider, CrewCard’s affiliated payroll package, CrewPayer, undergoes meticulous scrutiny and rigorous extended conformance testing by the Australian Taxation Office (ATO). The approval received underscores the platform’s adherence to stringent standards, ensuring compliance with STP requirements. Additionally, CrewCard’s professional hosting server, strategically located in Australia, is engineered for optimal robustness. This strategic hosting approach not only enhances performance but also underscores the commitment to data security and regulatory compliance, providing users with a reliable and secure payroll solution.

Unsuccessful Login Attempts

When accessing their accounts, users are granted four consecutive attempts to input the correct username and password. However, if an individual unsuccessfully attempts to log in five times with incorrect details, the CrewCard software will enforce a temporary 15-minute block, preventing further login attempts. This security protocol serves a crucial role in thwarting potential brute force attacks and malicious actors who might engage in persistent password guessing to gain unauthorised access to accounts. By imposing this restriction, CrewCard fortifies its login mechanism, enhancing overall account security and mitigating the risk of unauthorised access.

Security Warning Emails

CrewCard has a Security Warning Email feature that sends an email alerting you that another device has been logged into your account. This addresses the ever-growing need for privacy and safety in the digital world.

When there is a sign-in on a new device, an email is sent to the account registered to your profile. The email informs you that there has been a new sign-in. The warning message describes the device that was used to log in and provides a link to change your password in case the new sign-in was not you.

2 Step Factor Authentication (2FA)

CrewCard has a 2 Step Factor Authentication (2FA) that should be turned on in the security setting in your portal. Once initiated, this extra layer of security means that users (Admin, Superuser, Duty Manager and Crew) are required to use two forms of identification to enter their portals. This ensures that all data is protected from unauthorised login attempts.

Multi-Factor Authentication

CrewCard’s payroll software has implemented multi-factor authentication for users who have the privilege to access taxation, accounting, payroll and other pertinent information contained in the Payroll Portal.

A. User Accounts

The Payroll Portal can only be accessed by users that have been granted access by the Administrator.

B. Two Factor Authentication

The Payroll Portal requires two-factor authentication before a user can log in to the system. After entering the username and password, the user is required to enter a 6-digit code.

The code can be sent to the user by email, by SMS to their mobile device, or through the authenticator app.

C. Shared Logins Are Not Permitted

The Payroll Portal allows only one active login: if a user is logged in to the Payroll Portal and tries to log in again on a different browser or on a different device, the portal will not allow them to do so.

D. Session Time-Out

The Payroll Portal has a maximum session timeout of 15 minutes. If the user is idle for 15 minutes, the system will automatically log them out.

E. Remember Me

The Payroll Portal has a “Remember Me” function with a 24-hour limit.

F. Brute Force Lockouts

After 4 invalid attempts to enter the Payroll Portal with the incorrect password, the user will be locked out.
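
The lockout rules described under Unsuccessful Login Attempts and Brute Force Lockouts, shown as an added example (not CrewCard's code): a per-account throttle that blocks logins after a configurable number of consecutive failures. The class and method names, the reset of the counter on a successful login and case-insensitive usernames are assumptions; the page does not state a lock duration for the Payroll Portal.

```python
import time
from dataclasses import dataclass


@dataclass
class _State:
    failures: int = 0          # consecutive failed attempts so far
    locked_until: float = 0.0  # clock value at which the block ends


class LoginThrottle:
    """Per-account lockout after `max_failures` consecutive failed logins."""

    def __init__(self, max_failures=5, lock_seconds=15 * 60, clock=time.monotonic):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.clock = clock       # injectable so the policy can be tested offline
        self._accounts = {}

    def is_locked(self, username):
        state = self._accounts.get(username.lower())
        return state is not None and self.clock() < state.locked_until

    def attempt(self, username, password_ok):
        """Record one login attempt; return 'ok', 'denied' or 'locked'."""
        key = username.lower()   # assumption: usernames are case-insensitive
        state = self._accounts.setdefault(key, _State())
        now = self.clock()
        if now < state.locked_until:
            # During the block the password result is ignored, so a correct
            # guess made while locked out still does not open the account.
            return "locked"
        if password_ok:
            state.failures = 0   # assumption: a success resets the counter
            return "ok"
        state.failures += 1
        if state.failures >= self.max_failures:
            # The failure that reaches the limit starts the timed block.
            state.locked_until = now + self.lock_seconds
            state.failures = 0
        return "denied"
```

The counter is keyed on the account rather than the client address, so guesses spread across many source addresses still count toward the same limit.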

Privacy Policy

We have a Privacy Policy available for your review.

Privacy Policy: https://www.crewcard.co/privacy-policy/

Server Security Protocols

Regular security audits are crucial for CrewCard’s operations, as they actively monitor server performance. These audits detect server downtime, ensuring our platforms are consistently available. They also identify and handle load spikes to prevent performance issues. Additionally, they watch for spamming activities, protecting our systems and user data.

Moreover, these audits evaluate the effectiveness of our backup solutions, ensuring data protection and quick recovery from any incidents.

CrewCard’s network status, notification and maintenance system adds extra protection by providing real-time updates on potential issues. This helps us minimise disruptions to CrewCard platforms, ensuring a smooth experience for users.

Furthermore, here are the security measures being implemented on the server side:

1. Encryption methods employed for data transmission and storage.

We use SSL/TLS for both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit and at rest.

2. Access control mechanisms ensuring authorized personnel access only.

We utilize key-based access to your server via a custom SSH port 2929. This method is applicable only if you have purchased our Monitoring and Maintenance Agreement (MMA).

3. Regular security audits or assessments conducted to identify vulnerabilities.

We conduct regular monitoring of servers to detect server downtime, load spikes, spamming, and the status of any backup products purchased.

4. Procedures in place for incident response and handling security breaches.

We offer a comprehensive Network Status, Notifications, and Scheduled Maintenance system to keep you informed about potential service disruptions or maintenance activities that may affect your services. You can access our status page at https://status.mysau.com.au/.