Are “Honeypots” on Your Software Provider’s Security Checklist?

In an age when security breaches seem to become an increasingly common occurrence, TazWorks’ security standards remain second to none. TazWorks is diligent in maintaining the most rigorous security practices, including the strategic use of Honeypots: programming decoys designed to lead hackers down the wrong rabbit hole. As they attempt to hack bogus data and systems, the system tracks their activity to expose hacking tactics and strategies. This allows IT professionals to improve system security without compromising the integrity of their systems and data.
TazWorks is the largest independent background screening platform provider in the United States. Our cloud-based software systems provide Consumer Reporting Agencies (CRAs) with tools to perform extensive background screening and verifications on behalf of their clients: employers, property managers, volunteer organizations, etc.  Because our software connects directly to sensitive consumer information, security must be the first priority.
The TazWorks security framework consists largely of the following checklist of tactics to prevent, secure, and protect its systems and consumer data.  This list is one of the more comprehensive security checklists in the industry, and rivals that of any technology provider.
Application servers imaged daily
If a server that houses data fails the first barrier of security, we replace it within a matter of hours. There is no downtime; replacements are immediate without loss of data or impact to the customer.
Honeypots / Deception Technologies
We use deception technologies and traps to proactively detect and fight potential intrusions, and use the collected data to study and enhance our security systems.
Intelligent threat detection and remediation
We not only stay abreast of security best practices and trends; we proactively work to find ways to keep our network and data safe. Utilizing services that analyze billions of events, from clicks, log-ins, and browsing activity, we effectively identify and block malicious activity.
Reputation lists & shared threat detection
We utilize a system to block approximately 20 million known malicious IP addresses.
Security as code
Automation means less room for error. We automate security best practices whenever possible.
PCI, SOC2, EI3PA Audits
We utilize multiple rigorous third-party audits to ensure best practices are being followed.
Daily releases
We use an agile release model, continuously releasing updates to ensure current software. We move and breathe updates.
Center for Internet Security (CIS) Benchmarks
We don’t skimp when it comes to configuring application servers; we follow rigorous guidelines to safeguard our systems.
Strong data encryption
To keep data secure, we use industry grade encryption.
Strong Hashing 
Not your hash(brown) breakfast! Rather, a rigorous algorithm that is used for cryptographic functions and increased security.
MFA 
We enforce Multi Factor Authentication (MFA) internally whenever possible. Users are required to authenticate using a code sent via email, SMS, etc. 
Penetration testing 
We employ simulated cyber attack testing by third parties on a recurring basis.
Peer review 
All code is peer reviewed for security and best practices.
Static code analysis
We automatically scan for vulnerabilities and best practices as an added layer for quality and secure code.
Secure coding training
Our development team consists of highly skilled, creative, and innovative individuals. Every team member is also required to take secure coding training on a recurring basis. We work to stay ahead of security developments.
Companywide security training
All of our employees attend security training annually, from our Customer Service Representatives to our CEO, and everyone is Fair Credit Reporting Act (FCRA) Basic certified.
As technology changes and evolves, we are committed to staying ahead of security threats.  
Author: David Tanner
Chief Software Architect
TazWorks – The CRA Technology Company
To learn more about TazWorks as a company and as a platform, visit us at TazWorks.com