Security Improvements for 2020

To ensure your data's security, Ethnio is pursuing 2020 SOC 2 certification, enhancing vulnerability management, updating security policies, and conducting advanced penetration tests.

Calendar Feed Security

There are two ways Ethnio has made improvements to calendar subscription feeds:

  1. Hiding personally identifiable information (PII): ensuring datasets that may contain PII do not fall into the wrong hands, and preventing inadvertent disclosure when sharing ICS links.
  2. Automatic token hashing: protecting access to your information with token refreshes. In the event of a security breach, this adds another level of protection to your information.

As a result of these security updates, the calendar feed for all active accounts will be reset after Oct 15, 2019, and all users will need to resubscribe to their personal calendars. Once you have resubscribed, this feature will work as before, updating dynamically, but with more protection for you and your participants.

If you’re a current Ethnio customer, please read these specific instructions here:

Example of updated feed with hidden PII:

SOC 2 Compliance

Ethnio is currently SOC 2 Type 2 compliant through our TierPoint-managed data center, and additionally, we're in the process of SOC 2 Type 1 & Type 2 assessments for the entire organization. This helps us get a handle on the number of security threats that continue to develop, and ensures that your data and your participants’ data are handled using the strictest guidelines. (Confirmation of Engagement Letter available upon request.)

Below is our scheduled timeline for SOC 2 Type 2 certification starting this month.

2019–2020 Cobalt Pentest Complete

Ethnio has recently completed due-diligence pentests to locate and fix vulnerabilities in the system. These are hacker-powered penetration tests performed by a certified pentester. This helps us identify common weaknesses across the application and strengthen our entire security posture. The report below identifies path vulnerabilities and includes a risk summary of the issues that have been resolved. If you are interested in learning more about what a pentest is and how it's performed, you can find more information here:

New Incident Response Plan

Our new Incident Response Plan is documented to provide a well-defined, organized approach for handling any potential threat to computers and data. Such incidents include: breach of PII, denial of service, and virus or firewall breach. Once the severity has been assessed, Ethnio will respond accordingly to detect, contain, and permanently fix issues. We have also put in place periodic testing to help eliminate gaps. Read the full Incident Response Plan here.
