ESM Inbound policies & processes
  1. Knowledge Base
  2. ESM Inbound policies & processes

How does ESM Inbound ensure the security of my systems?

ESM Inbound has a number of procedures in place to ensure your company's security when working with us.

At ESM Inbound, we value the security of your systems. We have a number of procedures in place to ensure that our team's work is secure. 

How does ESM Inbound keep my business secure

Individual user accounts

At ESM Inbound, our team members are not permitted to user shared accounts when working on client projects. This means that you only see named users accessing your company's systems. You won't find an ambiguos user account such as team@esminbound.com. 

This increases the security of your business by ensuring that: 

  • you have a clear audit trail of all actions our team members take
  • we can easily revoke access to a single user
  • we can easily suspend a single user's access. 

This reduces the risks associated with: 

  • insider threats
  • passwords shared with multiple users
  • passwords stored in insecure locations
  • confusion as to which user made a change. 

Two-factor authentication

For all systems that support the feature, our team members are required to use two-factor authentication. 

Two-factor authentication means that access to your systems can only be granted when a user has: 

  • something they know (their password)
  • something they have (the device connected to the two-factor authentication system). 

This increases your confidence that users are who they say they are while in your systems. 

Virtual private network (VPN)

ESM Inbound's team members are required to use our VPN at all times. This means that our team members are accessing your system from a secure network that is only available to ESM Inbound. 

ESM Inbound's VPN increases your security by: 

  • making it significantly less likely that our user's internet activity can be intercepted by malicious actors or other third parties
  • mitigating the risks associated with using public wifi connections when required
  • securing data sent by and to ESM Inbound's network.

If your organisation's policies require users to be accessing systems via a fixed IP address, then our VPN allows you to whitelist 185.212.168.56

Password management software

ESM Inbound uses enterprise-grade password management software (LastPass Business) to ensure that our users are using unique and strong passwords for each system they access. 

This reduces the risks associated with: 

  • weak passwords
  • passwords repeated across multiple systems. 

Our password management software also allows us to detect compromised passwords. 

In the event that you are using systems that do not allow for individual user accounts (Twitter being the most common example), then we will encourage you to share those credentials via LastPass so that our team members never know the password itself but can still access the system. 

Clear policies for remote working

ESM Inbound has been a remote-first business since we launched in 2016 and we became remote-only in 2019. Our business has been built around the principles of creating a secure and depenable remote working culture. 

Our security policies for remote working include: 

  • team members are required to work from their home address unless specifically authorised to work from a different location by a line manager. This allows us to verify that equipment and systems are secure before we authorise the changed location
  • a camera-on policy during video calls, which allows us to ensure that our colleagues really are who they say they are
  • defined working hours (by default, ESM Inbound's team members work 10am to 6pm, Monday to Friday). Line managers are authorised to change individual team members working hours to meet business needs or support individual requirements.