Security and Privacy

Security and Privacy at THE KSQUARE GROUP

Governance

At THE KSQUARE GROUP, we prioritize the security of our clients, and this commitment is reflected in our governance framework. Adhering to the CIA Triad principles of Confidentiality, Integrity, and Availability, we ensure a comprehensive approach to safeguarding information. For non-repudiation, we keep logs from our critical systems.

Security and Compliance

We have implemented advanced cybersecurity measures. In the realm of compliance, we meticulously adhere to industry standards to guarantee the protection of sensitive data.

We are enrolled to certify for SOC 2, with the aim of securing our clients' information and protecting ourselves through good security practices.

Policies

We have policies that strengthen our security plan, such as the Business Continuity Plan, which keeps the business working and also includes incident response to find solutions. The principal policies in the enterprise are the Security Policy, the Access Management Policy and the Data Retention Policy. (We also have incident response and business continuity plans to keep the company running at all times.)

The first of these principal policies is the Security Policy. Its purpose is to provide a list of policies and guidelines that Ksquare employees must adhere to in order to protect the security and integrity of company assets and to ensure that Ksquare’s business can proceed unimpeded by potential cyber threats.

Second, the Access Management Policy establishes guidelines specifically pertaining to remote access to The Ksquare Group cloud servers. Preventing unauthorized access to company data from insecure networks is of utmost importance.

Finally, the Data Retention Policy focuses on the correct management of information, including the periodic elimination of obsolete and irrelevant documents and information. This policy is designed to identify the time periods for which certain types of information must be retained, including the periodic deletion of non-essential information.

Data Protection and Data Privacy

We recognize the importance of data protection and privacy. Our security policies encompass the following key areas:

Data at Rest

The company’s datastores housing sensitive customer data are encrypted at rest, ensuring its confidentiality and integrity.

Data in Transit

We implement measures to protect information during transit, prioritizing secure communication channels against potential threats.

Data in Use

Employing authentication and authorization protocols, we verify user identities and use Multi-Factor Authentication (MFA) tools to prevent unauthorized access. Our Identity and Access Management (IAM) principles form the bedrock of our cybersecurity strategy.

Our commitment to privacy extends to the use of various encryption tools, creating a digital environment that is not only secure but also resilient against cyber threats.

Enterprise security

Endpoint protection

We use Microsoft Endpoint Manager, a suite of services and tools for managing and securing devices and applications. With Microsoft Endpoint Manager, we authenticate, monitor, and secure all devices in the organization.

Secure remote access

We secure remote access using the Multi-Factor Authentication of Entra ID on Microsoft 365 to allow or deny remote access. Following the principle of least privilege, we ensure that users can access only the information essential for performing their tasks.

Identity and access management

With the combination of Microsoft Endpoint Manager and the MFA of Entra ID, we grant authentication and authorization based on the role each user needs. We are committed to granting access to applications based on our employees' roles in order to protect the integrity of our customers' information.

Security education and awareness

Understanding the importance of cybersecurity knowledge for employees, we have initiated a comprehensive awareness program. This initiative educates our workforce on recognizing and mitigating cyber threats, including phishing and malware. Regularly disseminating information on cybersecurity best practices, we provide engaging content, such as tips, phishing campaigns, and informative courses, reinforcing the significance of cybersecurity.

In addition, we offer ongoing courses and guides to keep our employees abreast of the latest developments in security and empower them with the knowledge needed for secure practices and phishing prevention. This commitment ensures that our team remains vigilant and well-informed in the ever-evolving landscape of cybersecurity.