Security

Supporting our customers in case of data breaches

Considering recent cyber-attacks and data breaches across Australia, our customers’ and partners’ data and security is of utmost importance to us. Here are the ways we protect you:

Data Security

  • Data security is a top priority for bzTrack. Our cloud hosting is provided by world-class cloud service provider Amazon Web Services and we have 24-hour surveillance and protection. All data is fully encrypted and always up-to-date.
  • Strong encryption protocols to ensure the confidentiality and integrity of data both at rest and in transit
  • We are committed to the security of your data and our platform provides multiple layers of protection for the personal and financial information you entrust to bzTrack. You can find out more by viewing our Privacy Policy.

Account data

  • We collect and store bank account details (BSB, account number and account holder name) and no other details are collected or stored. All sensitive data is encrypted in the database.

Network Security

  • All access to our networks is protected by authentication with password and authentication keys. All communications to the network is via secure channels (HTTPS and SSH).
  • Vulnerability Assessments and Penetration Testing are regularly performed on the networks to ensure our highest levels of security.

Third-party Security

  • We have engaged with Vectra Corporation (https://www.vectra-corp.com/) for our Security Operations Centre (SOC) and Security Incident and Event Management (SIEM) monitoring and also for assessment for PCI DSS certification for advanced threat detection. We have implemented IBM’s QRadar for SOC and SIEM software.
  • We have engaged with Crossbow Labs (https://cbl.world/) for Virtual Security Services advising and guiding to ensure controls required for PCI DSS certification and ISO 27001 certification are in place.

If you want to find out more information about how we keep your data safe, please get in touch at support@bztracknull.com

We take security seriously and are a proud supporter of The Australian Cyber Security Centre. They offer helpful information on what to do if you think you’ve been a victim of a cyber-attack including:

What do I do if my data has been breached?

  • 1. Know how you are affected. If you are informed of a breach, or read about one in the media, make sure you understand what data may be affected. Consider contacting the organisation that has been breached to find out what personal or sensitive data has been compromised.
  • 2. Follow the steps in the ACSC tool 'Have you been hacked?' to find out what you can do if your information has been breached. Select ‘My information has been lost or stolen’ and follow the prompts. The tool will help you secure your finances, accounts, email and identity.
  • 3. If your password has been compromised, reset all accounts with that password immediately.
  • 4. Be sure to confirm any communications from an organisation with an official source. Scammers might try to take advantage of you because of a data breach. For example, you may receive an email asking you to reset your password because it was compromised. Go to the official website to do this instead of using any links provided in the email.
  • 5. Review your account security settings. Some online services allow you to view what devices have recently used your login details and any recent transactions. You can usually also log out those devices from these settings.
  • 6. Refer to the Office of the Australian Information Commission website for more information on how to respond to a data breach containing your contact details, financial information, government-issued identity documents, tax file number and tax-related information and health information.
  • 7. Visit the IDCARE website and complete the Get Help Form. IDCARE is Australia and New Zealand’s national identity support service. An IDCARE Identity and Cyber Security Case Manager can work with you to develop a specific response plan for your situation and support you through the process.

    You can find out more at:
    https://www.cyber.gov.au/learn/threats/data-security

bzTrack uses 2FA as an additional security layer to help you protect your account.

When you first join bzTrack, a One Time Password will be sent for security. By default, this OTP will be sent to your primary email address each time you log-in, but you can go to Two-Factor Authentication under the User menu once you’ve logged into bzTrack, and change this method to instead use the Google Authenticator app.

Two-Factor Authentication via email is a quick and easy way to make your account more secure, but Google Authenticator is considered a safter way of authenticating than email, especially if you are using Google Authenticator on a different device to the one you access bzTrack on.

If a user accesses bzTrack on their computer, and Google Authenticator on their phone, someone trying to access their bzTrack account would need both devices and their account password to complete the OTP and log in.

You can download the Google Authenticator app from Google Play or the App Store.

Whichever method you use, please remember that strong and unique passwords for ALL your devices and services, offer the best first layer of security for your accounts.