Security

ReachLocal uses a multi-layered approach to protect our information and systems. We take information security seriously and employ administrative, technical and physical controls to protect data.

Application & Network Protection

• Web application firewalls to minimize the threat vector posed by application-level attacks (such as SQL injection)
• Network firewalls to only allow specific protocols access to a limited set of IP addresses for business applications
• Network segmentation, including the use of Demilitarized Zone (DMZ) architecture

Security Management

• Encrypted access to applications using Transport Layer Security (TLS)/Secure Socket Layer (SSL) using industry-standard 2048 bit key-length
• Network scans of environment for vulnerabilities using the commercial network scanners
• Configuration management software for core applications to ensure the right access and settings are in place
• Two Factor Authentication to key internal servers and applications
• Centralized logging to review, investigate and resolve issues
• Host based intrusion detection (HIDS) to enable visibility into system changes
• 3rd party application security firm to continuously test the security of our key web applications
• Agile practices to incorporate security updates into releases
• Consulting security advisories to monitor any vulnerabilities in technology stack

Availability & Disaster Recovery

• Global footprint of seven data centers across four continents, minimizing latency and increasing performance of our products
• Availability monitoring of services internally and externally (3rd party) with real-time notification of downtime
• Application performance monitoring to ensure performance standards are met
• Data replication of data between production & recovery site

Education & Training

• Developers take specialized training in application security at least annually
• Employees take at least annual information security awareness training, delivered in nine languages covering topics from phishing to mobile device security

Physical Security

• Data center providers with SSAE 16 SOC compliance reports

Contacting Us

If you have any comments or questions regarding our security, please contact us at security@reachlocal.com, or at our contact information below.