We realise that more and more people want to ensure that their data is kept private and secure. This is not only for personal reasons: because of increasingly stringent regulations, companies now have to demonstrate that any personally identifiable information (PII) or sensitive documents are stored and transmitted securely.
Because security and convenience are to some degree mutually exclusive, our default method of working is unsecured – for many individuals and smaller businesses, this does not pose any significant problem. However, Group CCE supports a full range of secure data storage and transmission methods as detailed below; simply let us know that you will be transmitting PII and/or are subject to data integrity regulations prior to starting the job, and we will switch over to a secure channel.
Group CCE hosts our website on a secure server and this website runs in secure mode by default. However, if you run Internet Explorer (definitely on Windows XP), or the default Android browser below ICS, you will notice a certificate error. This is because Group CCE’s website runs on a shared server, which uses Server Name Indication (SNI) to allow several secure websites to run on the same IPv4 address. Neither of the above configurations supports SNI.
Group CCE will sign and adhere to the conditions of all NDAs required as part of any project undertaken. In particular, Group CCE will undertake not to disclose any information provided by the client that is covered under the NDA to any third party (except where required by law upon request), nor will Group CCE publish or reuse any work covered under the NDA (e.g. for portfolio purposes) until the embargo period is over. Please note that a small surcharge may be levied for the signing of NDAs to cover professional liability costs.
Secure Voice Calls
Group CCE uses Skype, which encrypts voice and video communications. In addition, we also support the use of RedPhone on our Malaysian mobile number, which uses end-to-end encryption if both parties are using it.
Email is never truly secure. Nevertheless, Group CCE uses a GNU Privacy Guard (GPG) implementation, which enables encrypted (but not necessarily anonymous) email communications with anyone else using the OpenPGP standard. Messages are sent to and retrieved from the mail servers via TLS, adding another layer of security. Messages sent and received are decrypted only to read them and are stored in encrypted form. The contact form on our website is not secured, so please use it only to point us to your public key (OpenPGP/X.509) so that we may use a secure client to reply to you.
More specifically, the encryption uses an RSA 2048-bit key. All email accounts used for secure communications have OpenPGP certificates stored on the OpenPGP certificate servers, so you may retrieve them from there. When you do, we ask that you certify and authenticate them.
Group CCE supports the use of Viber, an encrypted messaging service (please note that only Viber’s text messages are guaranteed to be encrypted). In addition, we also use and recommend TextSecure. At this moment, Threema is not supported; however, should sufficient interest arise, we will also consider supporting it. If you use secure IM, this will be our preferred channel for relaying passwords for symmetrically encrypted files to you.
Secure Onsite & Cloud Storage
Upon request, Group CCE can store all documents pertaining to a specific client and/or project on an EFS-, BitLocker- or TrueCrypt-protected disk. All materials to be transmitted back to the client either via the Internet or via courier will be put in a password-protected archive (ZIPX/RAR) with the password transmitted separately via sideband (usually IM or secure email) communications. All materials will be backed up to a TNO secure cloud storage provider (SpiderOak, Wuala, Tresorit, Mega, Bitcasa). In addition, Group CCE can work on documents in a virtual machine (VM) that has been air-gapped (no networking support). Please note that third-party service charges apply for the use of couriers and insurance.