Three Ways to Keep Your Data Safer Online, for Expense Management and Beyond

Sometimes the Cloud can seem like a scary place. Luckily, protecting your data is of the utmost importance to us, and we take pride in designing and implementing security mechanisms around Tallie. We use best-in-class firewalls, secure public servers, and private servers that operate within a Virtual Private Cloud. In short: your expense reports and personal information are safe with us.

However, we recognize that the internet plays an enormous role in the average person’s everyday life. And with the prevalence of social media, Cloud storage, and online banking, it’s more important than ever to protect yourself wherever you go. But don’t despair! Below you’ll find three simple, but effective, ways to keep your data safer online.


1. Use smarter passwords.

In order to prevent users from creating passwords that are easily compromised, Tallie’s most recent release includes a password strength meter. But when it comes to choosing a password, know that the strongest options contain multiple words or fragments of words. While including numbers and special characters certainly can’t hurt, the longer your password, the better. Avoid using guessable words or phrases that contain your personal information. For example, a password like “FidoSanFrancisco” won’t protect you for long after posting snapshots of your pup on the Golden Gate Bridge.

Be sure to never use the same password for multiple accounts. It may make things easier to remember, but once a single account is cracked, it leaves the others defenseless. And don’t forget to change your passwords often—at least once every 1-6 months.

2. Encrypt your most important files.

If you need to store or share data that you’d rather keep confidential, you always have the option of encrypting it first. This essentially renders your file unreadable by everyone without the corresponding passkey. To do this, we recommend using an encrypted file-sharing service like SmartVault. SmartVault allows you to store, encrypt, back up, and share your business’s confidential documents with ease. They also provide seamless integration with other business and financial applications, such as QuickBooks, QuickBooks Online, and, of course, Tallie.

If you ever find yourself uploading or transferring sensitive information elsewhere (say, through a browser), be sure to look for the small lock icon in the address bar. If you don’t see the lock, or the protocol “https,” then it’s not secure! We know that expense reports contain confidential information vital to your business. That’s why Tallie uses secure SSL connections to encrypt your data while it’s in transit, as well as for absolutely all of our web services.

3. Answer your security questions with lies.

In theory, security questions are a great idea. Sometimes we forget our passwords, and need a simple, painless way to reset or recover them. But if the only thing standing between a hacker and your Cloud account is knowing your mother’s maiden name, then you might be in trouble. Maiden names, birthplaces, and favorite pets are all easily found via Google or social media. So what can you do?

Well, when it comes time to pick your security questions, don’t be afraid to tell a few lies.

It may sound strange, but it’s one of the best ways to protect your password against social engineering. There’s no reason you can’t make it something easy to remember: perhaps your mother’s name is Skywalker, and you have fond memories of playing with some pet droids at your birthplace of Tatooine. The key is to choose something you can remember (or safely record), but that can’t be searched out by prying strangers. Of course, if you’re on record as a die-hard Star Wars fan, you may want to invent something else! You can also protect your security answers even further by breaking up the words with numbers or special characters. Every extra measure taken makes it that much more difficult for a hacker to access your information.

Remember that you can always trust that your expense reports will be safe with Tallie. And armed with the above advice, you can much better keep the rest of your accounts safe and secure. If you have any questions about these or any other internet safety tips, feel free to leave them in the comments below!


Tallie Unaffected by Heartbleed

Earlier this week, the Internet was hit with the Heartbleed bug that poses a serious threat to mass amounts of private information and data. No customer data stored in Tallie is vulnerable. We’d like to take a moment to help you understand the potential gravity of the Heartbleed bug, how Tallie protected your data, and what you personally can do to prevent compromised data in the future.


What is Heartbleed?

Heartbleed is a security flaw in OpenSSL’s implementation of the heartbeat extension (RFC 6520) to the TLS and DTLS transport layer security protocols. The bug has caused memory contents to leak from the server to the client and from the client to the server. While bugs in software are often fixed by new versions, Heartbleed has proven to be a “super bug” of sorts, leaving extensive amounts of private information vulnerable and exposed online. This extensive exposure, combined with untraceable attacks, makes for easy exploitation.
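To make the flaw concrete, here is a simplified model of a heartbeat responder with the length check that RFC 6520 requires. It is an example added for illustration, not OpenSSL's or Tallie's code; the function names hb_respond and hb_make_request and the sample records are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_MIN_PAD = 16 }; /* values from RFC 6520 */

/* Hypothetical handler: writes a heartbeat response for the received record
 * into `out` and returns its length, or 0 when the message is discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    const size_t overhead = 1 + 2 + HB_MIN_PAD;   /* type + length + padding */
    if (rec_len < overhead || rec[0] != HB_REQUEST)
        return 0;
    /* payload_length is chosen by the sender and cannot be trusted. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check: the declared payload must fit inside the bytes that
     * actually arrived. Without it, the copy below would read past the
     * record into adjacent memory and echo that memory to the peer. */
    if (claimed > rec_len - overhead)
        return 0;                                 /* discard silently */
    if (overhead + claimed > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);            /* echo the payload */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);     /* real stacks use random padding */
    return overhead + claimed;
}

/* Constructed sample input: a request that carries `actual` payload bytes
 * but declares `claimed` bytes in its length field. */
size_t hb_make_request(uint8_t *buf, uint16_t claimed, const char *payload, size_t actual)
{
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memcpy(buf + 3, payload, actual);
    memset(buf + 3 + actual, 0, HB_MIN_PAD);
    return 3 + actual + HB_MIN_PAD;
}

int main(void)
{
    uint8_t rec[64], out[128];
    size_t n = hb_make_request(rec, 4, "ping", 4);      /* honest length */
    printf("honest request:   %zu-byte response\n", hb_respond(rec, n, out, sizeof out));
    n = hb_make_request(rec, 100, "ping", 4);           /* inflated length */
    printf("inflated request: %zu-byte response\n", hb_respond(rec, n, out, sizeof out));
    return 0;
}
```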

Your Tallie Customer Data is 100% Secure

On learning of the general issue, Tallie’s Development Team performed an exhaustive assessment of potential exposure and concluded that all user data is secure. Here’s why:

Our public servers are safe. The load balancer we use does not contain or use the affected OpenSSL component, and passes Heartbleed vulnerability testing without issue.

Our private servers are secure. All of our private servers operate within a Virtual Private Cloud (VPC) and are not accessible directly from the Internet. One Amazon Linux-based system within our VPC, which we use for coordination, is being patched, but hosts neither customer data nor sensitive access keys. Even if it were sitting on the internet for all to see, it would not compromise customer data.

Some 3rd party services experienced minor exposure. Some of the 3rd party services we use were vulnerable and have been patched by the providers. For these systems, we are following the recommended mitigation steps by regenerating access keys, though there is no indication of any breach or compromise, and again, no customer data is at risk indirectly via these particular systems.

How to Remain Protected Moving Forward

Stay out of accounts from affected sites until the company has patched the problem. Most major companies should release announcements regarding the status of their security. If they have not, Tallie recommends that you contact the company to verify the safety of your data.

Change your passwords ONLY on officially patched sites. Start with personal financial login information, then email accounts, then software solutions that affect business and professional matters. After all critical accounts have updated passwords, then begin updating the rest of your personal and business accounts.

REMEMBER: In order to truly remain safe, you should diversify your passwords and never use the same password for all critical accounts. If you have used a password for your Tallie account that is shared across several different online accounts, we recommend you change your Tallie password to be safe.

Routinely check on your financial statements. Manually scan your credit card statements, for both personal and business, for any suspicious charges over the next few months. If you see a charge you do not recognize, contact your bank immediately to report it.

The unyielding protection of your information remains our highest priority here at Tallie, and this commitment has proven critical in moments of vulnerability such as this. If you have any additional questions, please leave them in the comments below and we’ll reply as soon as possible!