Cyber Security & Digital Resilience
Hamster takes cyber security and digital resilience seriously. We understand our users always expect our services to be available and their data to be kept secure. We work hard to manage security risks and stay ahead of possible threats by maintaining focus on the following areas.
- Secure code development
Our code is developed with OWASP Top 10 in mind and reviewed with automatic tools. We are committed to best practices for secure software development.
- Data encryption
We use HTTPS by default, to protect information that our users transmit throughout the platform, in accordance with industry standards. Our internal policies require encryption of laptops to protect our data in case of loss or theft.
- Availability and digital resilience
We have a high-availability solution that protects our infrastructure against Distributed Denial of Service (DDoS) attacks. Additionally, our services use a Web Application Firewall (WAF) that protects the platform from malicious activities that could compromise our data.
- Two-Factor Authentication
We offer two-factor authentication and strongly recommend it is used by our users for maximum security. We have made two-factor authentication mandatory for all our employees to access critical business services.
- Audits and penetration testing
We use recognised accredited third parties to perform information security audits. We perform regular penetration tests of our platform and internal networks across our offices. We also have an internal vulnerability management process with automatic scanning capabilities.
- Third party security
Like many businesses, we use certain third-parties to support the services we provide to our users. We ensure that third parties are properly assessed in line with our security, outsourcing and data residency policies and procedures, and reviewed on a regular basis.
- Incident and vulnerability reporting
We strive to implement high standard of cyber security and digital resilience, but incidents or vulnerabilities may occur. If you would like to report or provide feedback on any issue please contact our Information Security Director on firstname.lastname@example.org. We treat any such report or feedback as high priority and will address them as soon as possible.
- Payment security
When you make a payment using Hamster, we use a third-party provider, myPOS Europe Ltd. myPOS has been audited by a PCI-certified auditor and is certified to PCI DDS. This is the most stringent level of certification available in the payments industry. They make use of best-in-class security tools and practices to maintain a high level of security at myPOS. Full details can be found here.
- KYC and AML
When early-stage and growth-focused businesses register on the platform to raise capital, they will have to go through a KYC process. Hamster uses an third-party provider, Mati (MATI TECHNOLOGIES SOCIEDAD DE RESPONSALIDAD LIMITADA DE CAPITAL VARIABLE ) . Mati is SOC2 certified. They make use of best-in-class security tools and practices to maintain a high level of security at Stripe.
- Industry collaboration
We work closely with other peers and organisations that meet industry standards, to improve our cyber security and digital resilience. We often take part in security forums, conferences and private discussion groups to stay ahead of threats to our business.
- Human resources security
Hamster employees receive security awareness training on an ongoing basis, and are required to adhere to our information security procedures. Any incidents of non-compliance are dealt with by our Information Security Director, who has full access to the Hamster Board.