Security at Insider

Enterprise-grade data protection and data privacy

Insider’s approach to security is both programmatic and precise. It combines a team of dedicated experts, policy makers, and partners with the application of critical tools, certifications, and technologies. Your information — and your customers’ information — is safeguarded from one end of the Insider Growth Management Platform (GMP) to the other.

A dedicated team of security experts

Insider’s Chief Information Security Officer (CISO) and Data Privacy Officer (DPO) lead an experienced team of security professionals. They develop and deploy the architectures, policies, and procedures that secure your information. The team includes experts in DevSecOps, Governance Risk and Compliance (GRC), application and infrastructure security, and beyond. Third-party vendors deliver an objective perspective. Security champions, embedded in research and development, ensure security is built into each of our products and services.

An organizational commitment to security

Security isn’t just for the experts. It extends across Insider’s organization. Everybody receives security training from the start — including full awareness of Insider’s contractual obligations for data security. Periodic education, tests and exams and continuous communication keep the entire organization up to date on emerging threats and procedures to combat them.

System security and safeguards

As you engage with Insider’s GMP, your data — and your customers’ data — enters and integrates with our systems. It’s safe.

Anti-malware and antivirus protection is installed and monitored on all endpoints.
Assessment and scanning tools actively detect and mitigate OS and application vulnerabilities.
Rotating, third-parties perform penetration testing to eradicate vulnerabilities.
Production environment is hosted by Amazon Web Services (AWS) — the highest security standards in its industry.
Entire infrastructure is protected by layered defense: FireWall, VPN, segregation, and threat and traffic detection across applications, architecture, and network.
Outside vendors and partners must be certified, reviewed, and validated for compliance.

Certified secure

Insider’s achievements in security standards and certifications attest to our standing as a security leader.

ePrivacyseal — Insider’s GMP was among the first to achieve the ePrivacyseal of approval. The certification is based on European data protection legislation and covers the requirements of the General Data Protection Regulation (GDPR) for digital products.

ISO/IEC 27000-series — ensures information assets such as financial data, intellectual property, and employee and personal identification details are kept safe and private. (https://useinsider.com/iso-270012013-information-safety-management-system-certificate/)

SOC 2 Type 1 Report — Provides information about the controls at Insider relevant to the data processed and stored by the Insider’s system and the five trust services criteria categories as noted below:
- Security
- Availability
- Processing Integrity
- Confidentiality, and/or
- Privacy

Development security and disaster recovery

The Insider development environment and lifecycle adheres to leading standards for security such as Open Web Application Security Project (OWASP) recommendations. It’s monitored across data centers on both server and application levels. Security and application logs are continuously (24×7) reviewed by a Network Operations Center (NOC) and the Insider security team.

Robust disaster recovery, resiliency measures and business continuity plans are also in place — including storage in multiple geographies and a full playbook for operational continuity in the event of natural disasters or system failures.

A protected platform

Insider’s investment in and commitment to security is ultimately reflected by its platform. It offers enterprise-grade security features, tools, and safeguards that users can rely on with complete confidence.

Multi-factor authentication — Two or more methods of authentication are required to login.

Password management — Passwords must fulfill minimum requirements. They are salted during the hashing process and never stored in cleartext.

Account lockout — Multiple unsuccessful login attempts result in a locked account.

Single Session – Single Session provides extra security for your account and prevents multiple sessions at the same time.

IP-based Sessions – Your session ends when your IP address changes during or after the session.

Session Timeout – Sessions are set to expire upon 30 minutes of inactivity, continuous sessions will timeout after 1 day.

Role-based access controls — Access is granted under strict procedures and is regularly monitored and audited.

Secured customer data — Data is stored separately with unique personal data encryption keys and only accessed for the purpose of content delivery.

Data segregation — Insider’s cloud infrastructure is broken into separate services and regions with load balancers for uninterrupted, continuous operation.

Encryption in transit — Web servers support strong encryption protocols such as SSL and TLS 1.3 to secure data in transit and through API connections.

Encryption at rest — Personal data is stored in encrypted RDS – Relational Database Service with a stronger encryption algorithm (AES256 Encryption Algorithm).

Data upload protection — Multiple measures are implemented to scan and test any data that is uploaded into the platform.

Access Logs

Insider has a comprehensive activity monitoring system that stores logs at all account levels for signing in/out to/from user accounts, creating users, setting user permissions and password changes, and creating, deleting, updating, starting and/or pausing campaigns.

Subresource Integrity (SRI)

SRI enables you to add an integrity attribute to your Insider tag which is a unique script generated for your account. This attribute contains an inline metadata. A user agent can use this metadata to verify that a fetched resource has been delivered free of any unexpected manipulation.

User Management

User Management enables you to assign roles to your team members. These roles define what your team members are authorized to do on your account.

IP Restriction

IP Restriction enables you to restrict the IP addresses that can access Insider’s panel (InOne). You can configure IP addresses to prevent or limit access to specific users or agents.

Like to know more?

Contact the insider security team: security@useinsider.com

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	11 months	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
__hstc	11 months	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	1 year	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-81205217-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
hubspotutk	11 months	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	11 months	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	11 months	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	1 year	No description
ins-c	1 day	No description
ins-storage-version	1 year	No description
insdrPushCookieStatus	1 day	This cookie is set by the provider Insider. This cookie is used for web push recieving.
RUL	1 year	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.