
Cybersecurity of HR Data: How to Protect HR and Employee Data Against Cyber Attacks

Cybersecurity has become critical in protecting HR data against rising cyberattacks. This is particularly evident in recent incidents such as the British Library's ransomware attack by the Rhysida gang, which led to potential HR data breaches. Similarly, Five Guys faced a significant data breach, exposing sensitive applicant information.

These incidents are part of a larger trend of increasing cyber threats, with a notable 8% rise in global weekly cyberattacks in the second quarter of 2023. These attacks are becoming more sophisticated, often employing advanced AI in conjunction with traditional methods.

In light of these challenges, companies are now prioritizing cyber defenses more than ever. A prime example of this shift is the adoption of solutions like Dovetail HR Service Delivery Software. Dovetail not only enhances HR operations and the employee experience but also strengthens the security of HR data. It achieves this through a comprehensive security approach, including cloud security, compliance, encryption, authentication, role-based authorization, data residency, and retention. These measures form a robust defense against various cyber threats, ensuring the safety and integrity of HR data in an increasingly risky digital environment.

Building on the importance of robust defenses in this challenging digital landscape, let's now delve into the specific cybersecurity measures in place to protect Dovetail HR Service Delivery Software customers from cyber attacks.

Cybersecurity Measures in Place to Protect Dovetail HR Service Delivery Software Customers From Cyber Attacks 

“I'm proud to say that our robust security infrastructure and proactive approach place us at the forefront of cybersecurity in our industry. Our commitment to safeguarding our clients' data through advanced threat detection, continuous monitoring, and stringent compliance standards ensures that every layer of Dovetail’s digital environment is secure and resilient against evolving cyber threats.”

Chad Myers, Chief Information Officer and Chief Security Officer at Dovetail

Dovetail's comprehensive HR Service Delivery Software, which includes HR Case Management, Employee Portal, and Employee Relations Case Management, employs a robust array of security measures to safeguard customer data effectively. These measures are designed to address various facets of data protection. They include:

Cloud Security

Dovetail operates within AWS data centers that uphold the highest levels of data security compliance. AWS is more than a conventional data center: it provides both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). These categories of cloud computing elevate AWS beyond mere server hosting, offering a comprehensive suite of services spanning compute, storage, and more. This infrastructure significantly mitigates risks from common cyber threats such as worms (malware that replicates itself and spreads on its own from an infected computer to other devices on the same network) and other malware such as ransomware, an attack in which threat actors encrypt an organization's data and demand payment to restore access.

The design of AWS necessitates that any potential attack must be intricately tailored to its unique environment, demanding a far higher degree of complexity and sophistication from attackers. Although the landscape of cyber security is continuously evolving, with potential threats always looming, AWS currently maintains a proactive stance against conventional malware, thus offering enhanced security compared to traditional on-premises or co-located data centers. Additionally, AWS's architecture facilitates improved performance and rapid development processes, providing Dovetail with a competitive edge in these areas.

Furthermore, AWS adheres to the SOC 1®, SOC 2®, and SOC 3® sets of criteria and controls. SOC 2 compliance encompasses a range of security controls, including administrative, technical, and physical safeguards. These controls work together with security frameworks to establish a resilient security posture: the organization’s ability to manage its defense of critical assets and data and to react to change.

SOC 2 serves as a crucial security framework, outlining how organizations should safeguard customer data against unauthorized access, security incidents, and vulnerabilities. Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 centers around five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. 

This framework offers auditors guidance in assessing the operational efficiency of an organization's security procedures.

The primary focus of SOC 2's security framework revolves around the management of customer data stored in the cloud. Fundamentally, the AICPA crafted SOC 2 to foster trust between service providers and their clientele.

Compliance With SOC 2 and GDPR

Dovetail Software diligently adheres to both AICPA SOC 2 compliance and GDPR regulations, underscoring Dovetail's commitment to enhancing the security of customer data and fostering trust. AICPA SOC 2’s comprehensive system of controls serves as a vital tool that not only helps Dovetail maintain transparency but also enables the organization to gauge the effectiveness of its security measures. It keeps Dovetail accountable to its valued customers who rightfully expect the highest level of care for their data.

Dovetail holds a Type II AICPA SOC 2 certification, which goes beyond the scope of a Type I certification. While Type I certification confirms that an independent audit has verified our program's SOC 2 compliance at a specific moment in time, Type II certification involves a more extensive evaluation. It demonstrates that we have not only achieved SOC 2 compliance but also maintained it consistently throughout the entire audit period. This emphasizes Dovetail's ongoing commitment to compliance and consistency over time, rather than just a one-time achievement.

Dovetail's dedication to these standards assures customers that we adhere to industry-leading best practices in both data management and operational processes. 

For example, as part of its compliance efforts, Dovetail implements a robust set of security measures, including stringent password policies, robust firewalls, vigilant intrusion detection systems (IDS), and advanced encryption methods. These measures collectively demonstrate Dovetail's unwavering commitment to safeguarding customer data and ensuring adherence to regulatory requirements.

Dovetail’s GDPR compliance signifies its commitment to safeguarding customer data, including from a cybersecurity perspective. The General Data Protection Regulation (GDPR) is a comprehensive set of regulations designed to enhance data protection and privacy for individuals within the European Union (EU). From a cybersecurity standpoint, GDPR compliance means that Dovetail has implemented robust security measures to protect sensitive data, including personal information, from breaches, unauthorized access, and data theft. It entails stringent security practices such as encryption, access controls, and data protection protocols to ensure that customer data remains secure and confidential. Dovetail's GDPR compliance not only demonstrates its adherence to legal requirements but also reflects its dedication to maintaining the highest standards of cybersecurity to protect the privacy and integrity of customer information.

EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Framework

Dovetail is committed to and has achieved certification for the new EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Framework.

The EU-U.S. & Swiss-U.S. Data Privacy Framework Notice, effective August 18, 2023, highlights Dovetail Software's commitment to personal data privacy protection, particularly in relation to cybersecurity. This policy is aligned with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, governed by principles such as security, data integrity, and purpose limitation. Dovetail is responsible for ensuring that its third-party service providers adhere to these principles while processing and storing personal data. In cases of non-compliance, Dovetail remains liable unless it can demonstrate it wasn't responsible for the breach. The policy also addresses Dovetail's commitment to resolving complaints and complying with investigatory and enforcement powers of the U.S. Federal Trade Commission. Additionally, it outlines the rights of EU and Swiss individuals to access and control their data, with provisions for binding arbitration in case of unresolved disputes regarding Dovetail’s adherence to the Data Privacy Framework Principles.

Dovetail's certifications, though self-declarations, underscore its commitment to data privacy and to safeguarding the privacy rights of individuals in the US, EU, and other regions. Our approach extends beyond verbal assurances; we have openly committed to these principles, placing ourselves under obligation and facing penalties if we do not adhere to them. This certification is a tangible reflection of our dedication to these crucial values.

Dovetail Cybersecurity Controls in Place


Encryption

Encryption makes data unreadable and difficult to decode for an unauthorized user; its main goal is to ensure confidentiality of private data. Encryption is the process of converting data from a readable format to a cryptographically encoded format. Encryption serves as a protective cloak for customer data, whether it's in transit or at rest. 

Dovetail employs robust encryption algorithms, including AES-256 to secure data at rest, and TLS 1.2 or 1.3 (for web traffic) or SSH (for SFTP) to secure data in transit. These act as secure tunnels for file transfers, ensuring data remains impervious to prying eyes. Optionally, PGP encryption can be enabled for file transfers, adding an extra layer of security akin to enclosing data in an ultra-secure envelope.

To decrypt an encrypted message, you need a key. Dovetail employs the AWS Key Management Service (KMS), an industry leader known for implementing state-of-the-art technologies and best practices in key management. This lets Dovetail benefit from AWS’s established expertise as a key management provider. It was a strategic choice by Dovetail, made to enhance the security of customer data to the fullest possible extent.


Authentication

Authentication acts as the digital equivalent of verifying your identity at a secure entrance. It ensures that HR agents and employees are who they claim to be, thwarting both login sharing and session hijacking. Dovetail supports SAML v2 for Single Sign-On (SSO), offering granular control over identity verification, geo-fencing, and the implementation of multi-factor authentication (MFA). This layered approach reinforces data safety.


Role-Based Authorization

Role-based authorization restricts access so that HR agents and employees can only view the areas they are authorized to access. In the event of a session compromise, it prevents lateral movement within the system, limiting potential threats. Think of it as providing specific keys to specific doors, adding multiple layers of protection to the system.


Data Residency

Dovetail ensures that customer data remains within its intended region, reducing the attack surface (i.e. the set of ways an attacker could find and exploit a weakness). This approach is akin to safeguarding important documents in distinct, secure rooms within your own house, limiting what unauthorized individuals can access. Even if an intruder gains access, they would only see a fraction of the data, enhancing data security.


Data Retention

Dovetail puts you in control of data retention policies. You can manually purge and redact data or establish retention schedules for automatic data redaction. Think of it as keeping only essential paperwork on your desk while securely storing the rest in a locked cabinet, ensuring that only pertinent data is retained.


Firewalls

A firewall is a network security device that monitors traffic to or from your network. Dovetail’s firewalls act as a critical defense mechanism, preventing unauthorized access and potential cyber threats by monitoring and controlling incoming and outgoing network traffic, ensuring Dovetail's continued SOC 2 compliance and data security.


Business Continuity

This involves having a robust plan to ensure that your business operations can continue during and after a ransomware attack. It includes backup strategies, disaster recovery processes, and communication plans. Effective business continuity planning ensures that critical functions are not severely impacted and that data can be restored quickly, reducing downtime and financial losses.

Business continuity planning matters because it limits the impact of ransomware and preserves data integrity and operations in the face of an attack.


Security Incident Management

This refers to the practices and processes an organization uses to handle cybersecurity incidents. It covers identifying potential security incidents, effectively responding to them, and learning from them to prevent future occurrences. The goal is to limit damage and reduce recovery time and costs. It also involves communication strategies to stakeholders and regulatory compliance.


Risk Management

In cybersecurity, risk management is the process of identifying, analyzing, and mitigating risks to the organization’s information technology systems. It involves understanding potential threats, assessing vulnerabilities, and implementing strategies to manage these risks, such as security policies, software solutions, and employee training.


Supply Chain Management

This aspect of cybersecurity focuses on the security of the supply chain, particularly the risks posed by third-party vendors and service providers. Vendor assessments involve evaluating and monitoring the security postures of external partners to ensure they meet required security standards. It's crucial because a vulnerability in a vendor's system can compromise the security of your own organization.


Threat & Vulnerability Management

This process involves continuously identifying, categorizing, prioritizing, and addressing cybersecurity threats and vulnerabilities. It's a proactive measure to protect against potential attacks. Regular vulnerability assessments and threat intelligence are used to stay ahead of potential security breaches, ensuring systems are fortified against emerging threats.


Logging/Monitoring

Logging and monitoring are critical for maintaining visibility over network and system activities. This includes keeping detailed logs of user activities, system changes, and network traffic. Continuous monitoring allows for the early detection of suspicious activities that could indicate a security breach. These logs are also invaluable for post-incident investigations to understand what happened and how to prevent similar incidents.

Dovetail's proactive defense strategy guards against malware (software designed to harm devices or networks) and various other types of cyberattacks. Whether it's ransomware, snooping, phishing, or spyware, Dovetail's multi-layered security measures stand as a formidable barrier against emerging threats. This holistic approach ensures the safety and security of your HR data in an ever-evolving cybersecurity landscape.

Let’s take a closer look at how Dovetail’s security measures help defend against various types of cyber attacks.


How Dovetail Protects Its Customers From Types of Cyber Attacks


Ransomware

Dovetail's Software-as-a-Service (SaaS) is hosted within the secure AWS cloud environment. This architecture provides robust protection against ransomware attacks. Ransomware is a malicious attack where threat actors encrypt an organization's data and demand payment to restore access. In the unfortunate event of a ransomware attack on your corporate network, it won't impact your Dovetail software or data. Ransomware typically spreads within a network, encrypting files and data as it goes. However, Dovetail's SaaS hosting model incorporates multiple layers of defense and off-site/remote backup and data synchronization. This design ensures that ransomware cannot propagate into or within Dovetail's networks, keeping your HR data safe from such threats.

Snooping on Customer Data

Dovetail prioritizes data privacy and security, particularly during data transit. The support for the latest TLS 1.2 and TLS 1.3 encrypted-in-transit channels and ciphers ensures that malicious actors attempting to intercept customer data on the internet are unable to do so. This encryption acts as an impenetrable shield, safeguarding sensitive data from unauthorized access while it's in motion.

Phishing

Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software. Phishing attacks often rely on stolen passwords or tricking users into revealing their login credentials. Dovetail mitigates the risk of password phishing through its support for Single Sign-On (SSO) with SAML v2. For instance, organizations using Dovetail's Employee Portal software can significantly reduce the risk of password phishing during the sign-on process, thanks to the use of Single Sign-On (SSO) which verifies the user at login. Moreover, Dovetail's customers can implement Multi-Factor Authentication (MFA) and apply regional, network, or IP-based restrictions in their Identity Provider*. These additional layers of security offer robust protection against malicious actors attempting to log in from unrecognized locations or networks.

*An Identity Provider (IdP) in the context of SSO (Single Sign-On) and SAML (Security Assertion Markup Language) is like a key holder in the digital world. Imagine you have several different doors you need to open (each representing a different online service or application). Instead of carrying a separate key for each door, you just go to the Identity Provider - the key holder. They check if you are who you say you are (like asking for your ID), and once they verify your identity, they give you a special 'master key' (in digital terms, a secure login credential). With this master key, you can open all the doors without having to prove your identity at each one. This makes logging into different services faster and more secure, as you only need to verify your identity once with the IdP.

Spyware

Spyware is a form of malicious software designed to covertly gather information from a computer or system without the user's knowledge or consent. To protect against spyware and enhance cybersecurity, Dovetail implements a range of security measures, including:

  • SAML Single Sign-On (SSO): Dovetail supports SAML v2 for Single Sign-On, which enhances security by allowing organizations to have centralized control over user authentication. With SAML SSO, users are securely verified through their identity provider, reducing the risk of unauthorized access to Dovetail accounts and protecting against spyware that may attempt to exploit weak login credentials.
  • Multi-Factor Authentication (MFA): Dovetail allows organizations to implement MFA for their Identity Providers, adding an extra layer of security. MFA requires users to provide multiple forms of verification before accessing their accounts, making it significantly more challenging for spyware or other malicious software to gain unauthorized access. Even if spyware captures login credentials, it would still need the additional authentication factor to breach the account. (Note: A SAML Identity Provider is a secure Single Sign-On system that verifies your identity once, allowing you to access multiple online services without needing to repeatedly log in).
  • Session Length Limitations: Dovetail enforces session length limitations, which restrict the amount of time a user can remain logged in without activity. This security measure helps prevent prolonged access by spyware or other malicious actors who may compromise a user's session. Shorter session durations reduce the window of opportunity for spyware to operate undetected.
  • Regular Security Audits: Dovetail conducts regular security audits and monitoring to detect and mitigate any unusual or suspicious activities that may indicate spyware infiltration. Continuous monitoring helps identify unauthorized access and data exfiltration attempts promptly.
  • User Education and Awareness: Dovetail promotes user education and awareness regarding cybersecurity best practices. This includes guidance on recognizing and reporting potential spyware threats, ensuring that users play an active role in maintaining a secure environment.

By implementing these security measures, including SAML SSO, MFA, session length limitations, and proactive monitoring, Dovetail strengthens its defenses against spyware and ensures the confidentiality and integrity of customer data. These cybersecurity practices collectively contribute to a more secure HR Service Delivery Software, protecting against the threats posed by spyware and similar malicious software.


Keyloggers

A malicious keylogger, often referred to simply as a "keylogger," is a type of malicious software or hardware device that records the keystrokes made by a computer user without their knowledge or consent. Keyloggers can capture every keystroke, including usernames, passwords, credit card numbers, and other sensitive information entered by the user. The captured data is then typically sent to a remote attacker, who can use it for various malicious purposes, such as identity theft, fraud, or unauthorized access to accounts.

To protect against malicious keyloggers and similar threats, Dovetail employs several security measures:

  • Single Sign-On (SSO) with SAML v2: SSO means that users log in with their existing credentials at their identity provider. This eliminates the need to type passwords into the Dovetail system, reducing the risk of keyloggers capturing login credentials.
  • Multi-Factor Authentication (MFA): Dovetail allows organizations to implement MFA for their Identity Providers. MFA adds an extra layer of security by requiring users to provide multiple forms of authentication, such as a password and a one-time code from a mobile app, to access their accounts. Even if a keylogger captures a password, it would still need the additional authentication factor to gain access.
  • Session Length Limitations: Dovetail enforces session length limitations. Even if a user's computer is compromised by a keylogger, the compromised session will only last for a limited time, typically a few minutes. This reduces the opportunity for malicious actors to exploit captured data over an extended period.

By implementing these security measures, Dovetail helps protect against malicious keyloggers by minimizing the risk of capturing sensitive login information and limiting the effectiveness of compromised sessions. This layered security approach enhances the overall protection of customer data and ensures that HR data remains secure even in the face of advanced threats like keyloggers.

Rootkit attacks

A rootkit is a type of malicious software designed to provide unauthorized access and control over a computer or system while remaining hidden from the user and most security tools. Rootkits are often used by cybercriminals to gain elevated privileges on a compromised system, allowing them to perform various malicious activities without detection.

To protect against rootkits and similar threats, Dovetail employs several security measures:

  • Regular System Scans: Dovetail conducts regular system scans and integrity checks to detect any unauthorized or suspicious changes to the software and system files. This helps identify and remove any potential rootkit infections.
  • Advanced Security in AWS: Dovetail uses serverless technologies to eliminate rootkit threats, rebuilds servers monthly with the latest OS and security patches to minimize attack risk, and runs continuous system scans with immediate alerting for detected problems.
  • Restricted Access: Dovetail follows the principle of least privilege, ensuring that users, including administrators, only have access to the resources and areas of the system that are necessary for their roles. This limits the potential impact of a rootkit if one were to infiltrate the system.
  • Session Length Limitations: Similar to protection against keyloggers, Dovetail enforces session length limitations. If a user's computer becomes compromised by a rootkit, the limited session duration reduces the window of opportunity for malicious actors to exploit the system.
  • Multi-Factor Authentication (MFA): Dovetail allows organizations to implement MFA for their Identity Providers, adding an extra layer of security. Even if a rootkit gains access to a user's account, it would still need the additional authentication factor to perform any actions requiring elevated privileges.
  • Continuous Monitoring: Dovetail employs continuous monitoring and threat detection mechanisms to identify any unusual or suspicious activities on the platform. This includes monitoring for unusual login patterns or system behavior that may indicate the presence of a rootkit.

By implementing these security measures, Dovetail helps protect against rootkits by actively detecting and mitigating potential threats, limiting the impact of compromised accounts or systems, and ensuring the overall security and integrity of the platform. This proactive approach enhances the security posture of Dovetail's HR Service Delivery Software, safeguarding customer data against advanced threats like rootkits.

Furthermore, should customer computers become compromised by malware, Dovetail's security measures continue to provide protection. Since Dovetail uses Single Sign-On with SAML v2, there are no passwords typed in or exchanged within the Dovetail system. This means that keyloggers wouldn't capture any passwords related to Dovetail. Furthermore, customers can implement MFA for their Identity Providers, further mitigating the risk of leaked passwords within their systems. Additionally, Dovetail enforces session length limitations, meaning that even if a customer's laptop is infected with spyware that has captured a session token, that compromised session will only last for a few minutes. This limitation reduces the opportunity for exploitation by malicious actors.
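The session length limitation described above (and under Spyware and Keyloggers) can be made concrete with an idle timeout plus an absolute lifetime. This is an added illustration, not Dovetail's code; the timeout values, token format and user names are assumptions.

```python
"""Idle-timeout and absolute-lifetime enforcement for session tokens.

Added example (not Dovetail's code): models a "session length limitation"
under which a session token captured by spyware stops working after a few
minutes of inactivity. Timeout values below are assumed, not Dovetail's.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

IDLE_TIMEOUT = timedelta(minutes=5)        # assumed idle window
ABSOLUTE_LIFETIME = timedelta(hours=8)     # assumed hard cap per login


@dataclass
class Session:
    user: str
    issued_at: datetime
    last_seen: datetime
    token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class SessionStore:
    """In-memory store; a real deployment would use a server-side cache."""

    def __init__(self, idle=IDLE_TIMEOUT, lifetime=ABSOLUTE_LIFETIME):
        self.idle = idle
        self.lifetime = lifetime
        self._sessions: dict[str, Session] = {}

    def create(self, user: str, now: datetime) -> str:
        s = Session(user=user, issued_at=now, last_seen=now)
        self._sessions[s.token] = s
        return s.token

    def _find(self, token: str) -> Optional[Session]:
        # Constant-time comparison avoids leaking token bytes through timing.
        for stored, s in self._sessions.items():
            if hmac.compare_digest(stored, token):
                return s
        return None

    def validate(self, token: str, now: datetime) -> Optional[str]:
        """Return the user for a live session, or None (revoking the session)
        once the idle window or the absolute lifetime has been exceeded."""
        s = self._find(token)
        if s is None:
            return None
        if now - s.last_seen > self.idle or now - s.issued_at > self.lifetime:
            self.revoke(token)
            return None
        s.last_seen = now          # sliding idle window
        return s.user

    def revoke(self, token: str) -> None:
        self._sessions.pop(token, None)


def demo() -> list:
    """Walk a token through activity, a replay after idle expiry, and the
    absolute cap. Returns plain values so the outcome is easy to check."""
    store = SessionStore()
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    tok = store.create("hr.agent@example.com", t0)   # constructed user
    results = [
        store.validate(tok, t0 + timedelta(minutes=2)),   # active -> user
        store.validate(tok, t0 + timedelta(minutes=4)),   # still active
        # Token captured by spyware and replayed after a 6-minute gap.
        store.validate(tok, t0 + timedelta(minutes=10)),  # idle -> None
        store.validate(tok, t0 + timedelta(minutes=11)),  # revoked -> None
        store.validate("not-a-valid-token", t0),          # unknown -> None
    ]
    # A session used every minute never goes idle but still dies at the cap.
    tok2 = store.create("hr.agent@example.com", t0)
    now, alive = t0, True
    while alive and now < t0 + timedelta(hours=9):
        now += timedelta(minutes=1)
        alive = store.validate(tok2, now) is not None
    results.append(int((now - t0).total_seconds() // 60))  # minute it failed
    return results


if __name__ == "__main__":
    print(demo())
```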

By incorporating these specific cybersecurity controls and countermeasures, Dovetail ensures that your HR data remains resilient against a wide range of threats, from ransomware to phishing, providing you with a secure HR Service Delivery Software that you can trust in today's digital landscape.

Monitoring Cyber Threats

In order to monitor and detect cyber threats, Dovetail uses AWS’s SIEM (Security Information and Event Management) tools.

A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. SIEM tools offer real-time monitoring and tracking of security event logs. The data is then used to conduct a thorough analysis of any potential security threat, risk, or vulnerability identified. SIEM tools have many dashboard options. Each dashboard option helps cybersecurity team members manage and monitor organizational data. However, currently, SIEM tools require human interaction for analysis of security events.  

Amazon offers an extensive toolkit for achieving SIEM. Dovetail fully utilizes the spectrum of AWS security and monitoring solutions, encompassing AWS Config, AWS Security Hub, AWS GuardDuty, AWS Inspector, AWS CloudTrail, AWS Macie, AWS Web Application Firewall, and AWS CloudWatch Logs and Alerts. Also, AWS harnesses the power of AI/ML technology to vigilantly monitor incoming and internal activities within Dovetail’s AWS data center, specifically detecting anomalous behaviors, privileged actions, and privilege escalation. It promptly alerts Dovetail’s dedicated security monitoring team for swift responses.

To bolster security, Dovetail’s security-related logs are maintained separately from application logs, with access restricted solely to the Head of Security and Head of Infrastructure. Additionally, AWS operates a SOC (Security Operations Center) that remains abreast of the latest cybersecurity attack trends and methodologies. This center leverages AI/ML to identify unusual behaviors and potential threats, ensuring proactive security measures.

Dovetail's robust utilization of AWS's comprehensive security and monitoring solutions, coupled with the power of AI/ML technology, empowers its dedicated security team to effectively monitor, detect, and respond to cyber threats, reinforcing Dovetail’s commitment to data security and integrity.
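The detections named in the Logging/Monitoring and Monitoring Cyber Threats sections (logins from unrecognized networks, unusual login patterns, privilege escalation) are the kind of rules a SIEM encodes. The following is an added example, not Dovetail's or AWS's tooling; the event format, field names, allowed network ranges and thresholds are constructed assumptions.

```python
"""Rule-based triage of authentication and authorization events.

Added example (not Dovetail's or AWS's code): three SIEM-style rules run
over constructed JSON log lines. Field names and ranges are assumptions.
"""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed: corporate egress ranges permitted by the customer's IdP policy.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                    ipaddress.ip_network("198.51.100.0/24")]
FAILED_LOGIN_THRESHOLD = 3           # failures per user within the window
FAILED_LOGIN_WINDOW = timedelta(minutes=5)
PRIVILEGED_ROLES = {"admin", "security_admin"}

# Constructed sample events (one JSON object per line), oldest first.
SAMPLE_LOG = """\
{"ts": "2024-03-01T08:00:00Z", "user": "alice", "event": "login", "result": "success", "src_ip": "203.0.113.10"}
{"ts": "2024-03-01T08:01:00Z", "user": "bob", "event": "login", "result": "failure", "src_ip": "192.0.2.7"}
{"ts": "2024-03-01T08:01:30Z", "user": "bob", "event": "login", "result": "failure", "src_ip": "192.0.2.7"}
{"ts": "2024-03-01T08:02:00Z", "user": "bob", "event": "login", "result": "failure", "src_ip": "192.0.2.7"}
{"ts": "2024-03-01T08:02:30Z", "user": "bob", "event": "login", "result": "success", "src_ip": "192.0.2.7"}
{"ts": "2024-03-01T08:03:00Z", "user": "alice", "event": "role_change", "target": "carol", "new_role": "admin", "src_ip": "203.0.113.10"}
{"ts": "2024-03-01T08:30:00Z", "user": "carol", "event": "login", "result": "success", "src_ip": "198.51.100.5"}
"""


def parse(line: str) -> dict:
    """Decode one JSON line and turn its timestamp into a datetime."""
    ev = json.loads(line)
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def outside_allowed(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in ALLOWED_NETWORKS)


def detect(log_text: str) -> list[dict]:
    """Return alerts in log order; each carries a rule name, user and time."""
    alerts = []
    recent_failures = defaultdict(list)   # user -> timestamps of failed logins
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        user, ts = ev["user"], ev["ts"]
        # Rule 1: any login attempt from outside the allowed networks.
        if ev["event"] == "login" and outside_allowed(ev["src_ip"]):
            alerts.append({"rule": "login_from_unrecognized_network",
                           "user": user, "ts": ts, "src_ip": ev["src_ip"]})
        # Rule 2: burst of failed logins, counted over a sliding window.
        if ev["event"] == "login" and ev["result"] == "failure":
            window = recent_failures[user]
            window.append(ts)
            window[:] = [t for t in window if ts - t <= FAILED_LOGIN_WINDOW]
            if len(window) >= FAILED_LOGIN_THRESHOLD:
                alerts.append({"rule": "failed_login_burst", "user": user,
                               "ts": ts, "count": len(window)})
        # Rule 3: a role change that grants privileged access.
        if ev["event"] == "role_change" and ev.get("new_role") in PRIVILEGED_ROLES:
            alerts.append({"rule": "privilege_escalation", "user": user,
                           "ts": ts, "target": ev["target"],
                           "new_role": ev["new_role"]})
    return alerts


def rule_names(alerts: list[dict]) -> list[str]:
    return [a["rule"] for a in alerts]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```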

Penetration Testing

The penetration test, commonly known as a pen test, evaluates the security of Dovetail's HR Case Management, Employee Portal, and API applications. A pen test is a simulated attack conducted by cybersecurity professionals to systematically uncover vulnerabilities and weaknesses in Dovetail's systems, networks, websites, applications, and processes. It helps us identify potential security gaps and address them proactively. Dovetail collaborates with a third-party expert holding multiple industry-leading certifications to carry out pen tests.

Dovetail's Commitment to Safe Software Practices

Dovetail is dedicated to the development and maintenance of secure software. This commitment involves adhering to established guidelines known as OWASP and SANS, which serve as comprehensive manuals for safe digital platform creation and management. These guidelines are instrumental in preventing common security issues. At Dovetail, the software development process incorporates the OWASP Top 10 and SANS Top 25 lists, which highlight the most frequent security weaknesses in software. By integrating these guidelines, Dovetail ensures its software is fortified against these well-known vulnerabilities. Furthermore, Dovetail's third-party pen testers conduct regular checks against these standards, affirming the software's resilience against these common security flaws. Through this diligent approach, Dovetail upholds a high standard of security in its services.

Conclusion

Dovetail HR's comprehensive approach to cybersecurity exemplifies the company's unwavering commitment to protecting sensitive HR data in an increasingly volatile digital world. The meticulous implementation of cloud security, adherence to strict compliance standards like SOC 2 and GDPR, and the use of advanced encryption and authentication methods form the backbone of Dovetail's robust defense strategy. The integration of role-based authorization, data residency and retention policies, along with cutting-edge firewalls, further fortifies the security framework, ensuring that customer data is shielded from a wide array of cyber threats. These proactive and layered cybersecurity measures, coupled with continuous monitoring and regular penetration testing, position Dovetail HR as a leader in safeguarding HR data against the evolving landscape of cyber threats. In an era where data breaches and cyber attacks are becoming more sophisticated, Dovetail HR stands as a beacon of trust and reliability, offering organizations the assurance that their HR data is secure and protected with the highest standards of cybersecurity.