Information Security is vital

Fortunately, more people, businesses, and institutions are becoming increasingly aware of information security and the consequences of neglecting it. Most of us have personal and important information on our computers and phones that we wouldn’t want anyone to access. Additionally, many companies and institutions hold sensitive information about their customers. Customers need to trust companies and care about information security. Information security is vital for companies to maintain trust and credibility. If it fails, it is difficult for companies to recover and regain trust.

What is GoPro doing in information security?

Information security has always been a priority at GoPro and it has been one of the cornerstones of our software development. We follow a well-defined development process that is ISO 27001 certified and GoPro regularly conduct scans and tests and engage a third party to perform penetration testing and vulnerability testing. This is where we are constantly improving our security, and information security is a top priority for us.

Security in the System as a Service (Saas) at GoPro

The SaaS environment at GoPro is in an ISO 27001-certified hosting environment, and detailed measures are taken to ensure security in our system. Communication with Saas is done through IDS (Intrusion Detection Systems). This means that IDS acts as a security guard ensuring all communication is monitored for any suspicious activity, with specialists from GoPro responding if needed. All communication is also encrypted and only supported standards are allowed. We have a separation between all systems in the SaaS environment, meaning there are separate websites and operators for each system, as well as separate databases and connections for each system. We regularly take backups of all systems and test them.

Microsoft Entra ID authentication in Azure

GoPro customers can connect to our solutions using Entra ID authentication (formerly Azure AD authentication). This is a cloud solution from Microsoft that is set up in the Azure Cloud of customers and enhances information security. This solution increases security by adding an extra layer of security to the access. For example, with multi-factor authentication (MFA), messages are also sent to the phone. This makes it more difficult for unauthorized parties to access the system. It’s not enough to authenticate in one place, you also need a code. Additionally, access can be set up to be passwordless so there is no need to remember all passwords, and then, for example, the Microsoft Authenticator app on the user’s phone is used.

Most common cyber attacks

Phishing Attacks: Attacks where individuals are tricked into providing personal information, such as usernames or passwords, through fake websites or emails.

Password Attacks: Attacks where attempts are made to gain access to a system by guessing or breaking passwords.

SQL Injection Attacks: These attacks are usually targeted at the databases of websites. Hackers try to insert unauthorized code into the database to gain access or control data without permission.

Script Attacks: Attacks where attempts are made to run files or scripts on websites to damage them or steal information.

Cross-Site Scripting (XSS) Attacks: Attacks where dangerous scripts are inserted into web pages, which then run on the user’s computer when they view the page. XSS attacks are commonly used to steal user input or other information.

DDoS Attacks: Attacks where multiple computers are used to overload the web server and make it inaccessible. DDoS attacks often disrupt web servers, causing them to become very slow or non-functional.

Please contact us if you want to know more

Here at GoPro, we are always ready to discuss security issues, as we are passionate about it and want to ensure that our solutions meet information security standards. We also offer our customers to add Entra ID authentication to enhance security for user logins. Please contact us by clicking here.