At MAVE LLC, we prioritize the security of our clients' data and digital assets. This Security Policy outlines the measures we take to safeguard our systems, protect user information, and maintain compliance with industry security standards.
1. Overview
MAVE LLC implements robust security practices across all services, including web hosting, managed IT, and creative solutions. We follow industry best practices to ensure confidentiality, integrity, and availability of data.
2. Data Protection & Encryption
This section focuses on protecting sensitive data through encryption and access control, ensuring information remains secure and confidential.
- Encryption: All sensitive data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
- Access Control: Role-based access ensures that only authorized personnel can access sensitive information.
3. Access Security & Authentication
Our security measures undergo regular evaluations and updates to keep pace with emerging threats and best practices.
To protect client and internal systems, we implement stringent access security controls:
- Password Security: We enforce strong password policies and multi-factor authentication (MFA) for administrative access.
- Centralized Password Management: We utilize a highly secure centralized password management system, ensuring strict access controls and robust security policies.
- Advanced Authentication Methods: Where possible, we implement the most secure authentication solutions, including passwordless authentication, hardware security keys, and TOTP-based MFA to mitigate unauthorized access risks.
- Access Logging: We maintain detailed access logs for our most sensitive systems, including those handling personal, confidential, or client data. This includes but is not limited to billing platforms, Remote Monitoring and Management (RMM) software, and other critical infrastructure.
4. Web Hosting Security Measures
For clients using our hosting services, we implement:
- DDoS Protection: Layered defenses to prevent distributed denial-of-service attacks.
- SSL Certificates: Free SSL certificates are included with all hosting plans to encrypt website traffic.
- Automated Malware Scanning: Regular scanning and removal of malicious software.
- Firewall Protection: Web Application Firewalls (WAF) to prevent unauthorized access and attacks.
- Regular Backups: Daily, automated backups with secure off-site storage.
5. Managed IT & Cybersecurity Services
For clients utilizing our Managed IT Services, we provide:
- Endpoint Security & Monitoring: Real-time monitoring of devices and networks for potential threats.
- Patch Management: Regular updates for operating systems and software to close security vulnerabilities.
- Incident Response & Recovery: Dedicated cybersecurity incident handling to mitigate risks and restore operations.
- Secure Remote Access: VPN and encrypted connections for remote employees and clients.
6. Compliance & Industry Standards
MAVE LLC follows security best practices aligned with:
- General Data Protection Regulation (GDPR) (for EU clients).
- California Consumer Privacy Act (CCPA) (for US clients).
- ISO 27001 & NIST Cybersecurity Framework (internal security guidelines).
7. Staff Security Commitments
- Security Awareness Training: All MAVE LLC employees and contractors undergo regular security awareness training to stay informed about emerging threats, best practices, and compliance requirements. This training is conducted at regular intervals and updated to reflect the latest cybersecurity threats.
- Managed Identity Threat Detection & Response: Where applicable, we utilize a Managed Identity Threat Detection and Response service from a third-party security firm to monitor and mitigate potential identity-related threats in real time.
- Non-Disclosure Agreements (NDAs): All MAVE LLC employees and contractors are required to sign legally binding NDAs to protect client and company information.
- Regular Security Audits: We conduct both internal and external security audits at defined intervals to ensure strict adherence to security policies, including access control measures, password management, and data protection protocols.
8. Client Responsibilities & Best Practices
While we implement strict security measures, clients are encouraged to:
- Use Strong Passwords & Enable 2FA where applicable.
- Report Suspicious Activity to our support team immediately.
- Keep Software Updated to reduce security vulnerabilities.
9. Incident Response & Reporting
If a security breach or suspicious activity is detected, MAVE LLC will:
- Investigate & Contain the Threat. (Initial response time varies based on the severity of the incident but is initiated within industry-standard best practices.)
- Notify Affected Clients (if applicable).
- Provide Remediation Guidance & Support.
If you suspect a security incident, contact support@mave.org immediately.
10. Contact Information
For security related inquiries, contact:
MAVE LLC,
613 Washington Blvd PMB 1321,
Jersey City, NJ 07310
