As a technology support provider for small businesses, security was the first and most fundamental core value our team based all design and development decisions around. I think at this point most people have had a personal experience with or know of at least one person who has had an account hacked or had their personal information stolen. While companies get smarter about protecting themselves, data thieves get smarter too – and more creative. From conception to launch, security has been embedded into every aspect of our platform. We have to know and trust the organizations we work with because we can be as careful as possible but how careful are the companies that we create accounts with? And provide payment information to? In the spirit of another one of EVAN’s core values that I’ll write about soon, transparency, I wanted to share all the security measures we’ve taken to ensure our users are protected every step of the way.
Who makes up our network of IT Professionals?
All IT Professionals on our application are US-based citizens who have passed a background check. In addition, we have a focused effort to bring as many Veterans as we can onto our platform as IT Professionals. We are so grateful to our Veterans for their service and risking their lives for our country.
How do we screen our IT Professionals?
Below are the steps we take with each EVAN candidate before they are added to our platform.
- Review Qualifications. Our internal team reviews each submission and confirms the candidate does in fact have the qualifications that they have listed.
- Perform a Consultation. Each consultation tests both the technical and interpersonal skills of the candidate. Based on the skill-set and qualifications of the candidate, we go through a mock help session based off real scenarios they might encounter. Not only does the candidate have to quickly and effectively resolve the issue they are presented, but they must do so in a friendly and professional manner – without using hard-to-understand, super-techy lingo.
- Run a Background Check. Every IT Professional on the platform is a US Citizen who has passed a thorough background check.
- Perform Training and Onboarding. At this point we already know the Pro is qualified and certified. Our onboarding covers how the application works and what level of service and professionalism is expected and required for our users. We also run through plenty of mock help sessions based on actual scenarios.
How do we protect login information?
We partnered with Auth0 to handle the signup and login function of our application to keep users’ passwords protected at the highest level. With our integration with Auth0, your passwords are never stored as their text. They are always encrypted, along with all network communications and connections. To read a more extensive explanation on how Auth0 protects your login information, please visit their webpage here. https://auth0.com/security
How do we securely connect users to an IT Pro?
Once a user has submitted a help request, the application automatically routes the request only to the IT Pros qualified to help with that function. When an available IT Pro accepts the request, the user is immediately notified on their screen and sees who wants to help them. The user then has the option to accept or decline the match. If the match is declined, the help request is pushed back out to the remaining IT Pros still available to help.
After both parties agree to the match, the IT Pro reaches out however the user prefers to be contacted – phone, messaging through the screen, or instantly connecting to a remote session. Most users prefer to be called directly on a number they provide so they can explain their IT need fully.
What controls are in place when users receive remote support?
In order to resolve the issue or address the specific need, most help sessions require the IT Pro to view the user’s screen and see what they are seeing. It is up to the user to provide the level of access they feel most comfortable with whether they want to give their Pro ‘view only’ access or allow full remote support access. With remote support access the Pro is required to explain every action they are performing. All sessions – whether they were ‘view only’ access or full remote access – are recorded.
The recorded sessions are helpful for users to go back to if they want to remember how EVAN resolved their issue in the future, but more importantly the recording function is a security measure. All recorded sessions can be found in the History section of the application. Company admin have access to all recordings of their employees’ sessions as well.
Our internal technical team has access to all sessions and audits them to ensure our IT Pros continue to uphold our standards of service. Users are able to easily report any IT Pro or help session that did not meet their expectations and we can easily pull and review the recorded session.
How is payment information protected?
Payments are completed through a well-known, secure payment vendor called Stripe. We are one of many online applications using Stripe to support secure payments on the web. Your payment information is never stored in EVAN’s system. We leave the payment expertise to Stripe so we can focus on delivering exceptional service.
No matter what service provider you use to support you and your company’s technology, make sure they take every measure possible to protect your data.