Platform and network security

• Third-party application and network penetration tests, performed by Cobalt.io against our entire product suite with GIAC, OSCP, CEH, and CISSP certified testers.

• We use automated threat detection (AWS GuardDuty), web application firewalls (AWS WAF) and DDoS protection (AWS Shield).

• All our instances are ephemeral and rotated constantly, restarting with the latest patches and security updates.

Storage of data

• Data is stored encrypted at rest, using a key of at least 256 bits via AWS KMS

• Customer data is stored within the AWS Sydney (ap-southeast-2) data centre

• Dual data backup stored in different locations for added security

• Backup retention is performed every 30 days.

Corporate IT

• We use an MDM and fleet management solution (Microsoft Intune) to manage all our devices.

• We use CrowdStrike.com for endpoint security, next-generation antivirus and malware protection.

• We leverage multiple DLP strategies using CrowdStrike, Google Vault and more.

• All access to customer data is limited to a need-to-know basis and is only available via encrypted links and VPNs. Access is fully auditable.

• We use Automox.com to handle patching of our operating systems and third-party software.

Data transfer

• All transfer of data is performed over either HTTPS (TLS >= 1.2) or Secure FTP using public key authentication with a key of no less than 2048 bits.

Security best practices

• All personal data acquired by Earnd from employers is salted and hashed with the SHA-256 algorithm

• Multi-factor authentication is active, and Single Sign-on (SSO) is used to cascade access across multiple services where possible

