We take the security, confidentiality, ownership and hosting your data very seriously and give you controls to manage your data.
We use several industry standards to protect your clinic's data
Every login to cosmedcloud requires two-factor authentication which sends your mobile phone an SMS with a randomly generated always changing security code (just like banks do). Even if an attacker gets a hold of your password (first factor) - access is only granted if you supply your security code (the second factor).
Your data is encrypted on our servers using AES-256 - an industry standard and mandated by the Australia Government Defense Signals Directive for top secret information protection. In addition, your information is transmitted to your computer, iPad or iPhone using encryption to keep away prying eyes.
You can lock your account down to only allow logins from certain IP address and locations. Perfect to prevent staff from accessing the platform when at home or to prevent iPads from working when they leave the clinic. We also require device identification and ask for an additional check if we see a device we don't recognize. Read more about the controls we offer here
We utilize protection from security companies to protect from denial of service attacks and common bots found on the internet. These services also stop attackers in their path before they even reach our system.
Our platform is continually monitored for failed access attempts. Each failed attempt notifies our developers in which we can take real-time action such as call you if you forgot your password or for more sinister actors - block the device.