Keeping your data safe at all times.
Cyber risks are skyrocketing. The latest IBM Data Breach Report revealed that an alarming 83% of organizations experienced more than one data breach during 2022. The average cost of a data breach that year in the U.S. was $9.44 million. At Level7, we take data security seriously. We don't want you to become a part of this statistic. Learn what Level7 does to keep your data secure.
How Level7 protects your data
The websites and applications we create often handle sensitive information we have been entrusted with by our clients. This includes medical records, financial transactions, data from financial institutions, personnel information and more. We work hard to earn your confidence that your data will be safe in our hands as well. Level7 has multiple policies, procedures and measures in place to keep your data secure and to protect your website from various threats.
Personnel Security
Security breach doesn't have to involve criminals or insider threats. Human error can be enough to spell a security disaster. Learn how we make sure that our own staff should never be a cause for your concern.
Learn More
Server Security
Every server connected to the Internet is constantly exposed to malicious traffic and attempted attacks of every kind. Learn what efforts we take to keep our cloud infrastructure secure.
Learn More
Website Security
Every website or web application that we built comes with multiple security measures to protect it against various attacks and vulnerabilities. Learn how our coding practices keep your website secure.
Learn More
Personnel Security
Identity & Background Checks
All our employees and contractors must pass a federal background check and identity verification before they are allowed to start working at Level7.
Strict Access Control
We follow the "Principle of Least Privilege", as well as "Right to Know, Need to Know" approach commonly used in law enforcement. In a nutshell, our staff is granted only the minimum level of access that is strictly necessary for them to perform the task at hand.
Information Security Policy
Every member of our staff must follow our comprehensive Information Security Policy at all times.
Server Security
- All our servers are located in certified, professionally managed enterprise-scale datacenters across the United States
- We use cloud computing infrastructure that is certified for ISO 27001, ISO 27701, ISO 27017, and ISO 27018, SOC2 Type 1, and HIPAA
- Our servers are actively monitored, allowing us to quickly repond to any threats
- Our servers are managed by certified system administrators
- We utilize geolocation to restrict traffic from high-risk countries to minimize your exposure to malicious traffic
- We utilize NVD and CVE databases, along with rigorous server maintainance schedule to address any known security vulnerabilities
- We partner with CloudFlare to protect our clients against DDoS attacks
Your Website's Security
- Web traffic is encrypted via HTTPS connection with SSL certificate
- All user passwords are stored in a SHA-1 hashed and "salted" form, so that nobody (even us) can retrieve the original password
- Users' sensitive data is always encrypted at-rest
- We neither store nor directly handle credit card information, instead of relying on PCI-DSS compliant payment processors
- We provide Two-Factor Authentication (2FA) and ACL capabilities
- We use Captcha along with software- and server-level rate limiting to prevent form spamming and brute-force attacks
- We utilize proper coding practices and implement protections against many common attack methods, such as SQL injection, RFI/LFI, session hijacking, XSS or CSRF
- We use latest versions of core web-related server components (i.e. PHP, MySQL, nginx) and frequently install security patches and updates
