Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Overview

This page overviews Netchex's security program and is your one-stop shop for all your due diligence and vendor management needs. At Netchex, we understand that data confidentiality, integrity, and availability are paramount to your business's success and continued growth. That is why we bake our Information Security Team's commitment to data security into every aspect of our services.

Call us at (877) 729-2661 or email at hello@netchexonline.com for more information on how to protect your employee data by choosing Netchex.

Compliance

SOC 1 Logo
SOC 1
Start your security review
View & download sensitive information
Ask for information
Security Whitepaper
SOC 1
Netchex Security Questionnaire
Financial Reports
Network Requirements
Vulnerability Assessment Report
Insurance Certificates
Master Services Agreement
Business Continuity Policy
General Incident Response Policy

Risk Profile

Data Access LevelRestricted
Critical DependenceYes
HostingMajor Cloud Provider

Product Security

Audit Logging
Data Security
Multi-Factor Authentication
View more

Reports

Financial Reports
Network Requirements
Security Whitepaper
View more

Self-Assessments

Netchex Security Questionnaire

Data Security

Access Monitoring
Backups Enabled
Data Erasure
View more

App Security

Code Analysis
Secure Development Training
Vulnerability & Patch Management
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Corporate Security

Employee Training
HR Security

Policies

Business Continuity Policy
General Incident Response Policy

Security Grades

Qualys SSL Labs
Netchex Application
A

Trust Center Updates

Avoid Fraud, Use Official Netchex Portal

IncidentsCopy link

Several national payroll companies have become aware that a phishing campaign is currently being conducted against clients and their users using Google Ads to steal their login credentials. We are advising everyone to use and bookmark this direct link to the Netchex login portal: https://na3.netchexonline.net/n/Login/#/

Do not use Google to search for the Netchex login portal.

As a precautionary measure, we advise any employees who may have entered credentials into a website found through Google to change their passwords immediately. This will help safeguard their personal and professional information.

Furthermore, we have already taken steps to request the removal of the fraudulent website from Google search results. While this process may take some time, we are committed to ensuring that our clients are protected from such malicious activities.

If you have any further questions or require additional assistance, please do not hesitate to contact us. We are here to support you and ensure the security of your data.

Published at N/A

Critical Bug in McAfee Web Advisor Extension for Google Chrome

GeneralCopy link

McAfee is reporting the issue was resolved in their latest update of McAfee Web Advisor Extension, version 8.1.0.4680, on January 17, 2024. They recommend uninstalling and reinstalling the extension from the Google Chrome Web Store to ensure you have the latest version.

Please get in touch with our Netchex support team if you continue to see issues in Netchex after updating this extension.

Published at N/A

Our team has identified an ongoing issue with the McAfee WebAdvisor browser extension from the Google Chrome Store that is impacting many sites across the internet and has been publicly acknowledged by McAfee. Clients experiencing issues in Netchex or other business sites have the following options to choose from:

  1. Temporarily utilize a different browser with McAfee WebAdvisor, such as Firefox, Safari, or Edge.
  2. Uninstall McAfee WebAdvisor and reinstall from the Microsoft Edge or Firefox web store. Not the Google Web Store
  3. Disable McAfee WebAdvisor until an update is released (Version Greater than 8.1.0.4679 released on January 12, 2024).

Netchex recommends that clients discuss this with their information technology team or provider to determine the best option for their business.

Published at N/A

Netchex Security Questionnaire

ComplianceCopy link

Netchex is excited to announce the first release of a standardized security questionnaire using the CAIQ Lite template from the Cloud Security Alliance. This standardized questionnaire is streamlined to allow an efficient review of the Netchex security program while providing information across 16 control domains. Netchex will keep this document updated with any material changes and add other standard questionnaire formats to help make your reviews of the Netchex security program as frictionless as possible.

Please get in touch with our team if you have a preferred template you would like us to evaluate next.

Published at N/A

Netchex SOC 1 for Oct 2022 through Sept 2023 is now available!

ComplianceCopy link

Netchex completed its SOC 1 Type II audit for the October 1, 2022, through September 30, 2023, audit period and is now available in the Netchex Security Portal. Our SOC 1 reports on Netchex's controls relevant to User Entities' Internal Control over Financial Reporting (ICFR). This Type II report covers the controls' design and operating effectiveness over 12 months.

Download the latest Netchex SOC 1 Type II Report

Published at N/A

Netchex is not affected by recent MOVEit Vulnerabilities

VulnerabilitiesCopy link

Netchex has completed its review and can confirm it has no instances of MOVEit software in its environment. Netchex has not been impacted by the high-profile MOVEit vulnerabilities affecting many government entities and organizations.

For any clients that may be directly impacted or looking for cybersecurity best practices, we recommend reviewing our Cyber Readiness blog post, which includes tips like:

  1. Enabling Multi-Factor Authentication on Netchex and other critical accounts.
  2. Auditing critical accounts for unusual activity.
  3. Ensure your company has security training and policies in place.

You should monitor your local news and communicate with other critical vendors to ensure your information is safe. If you or a team member believe your personal information may be at risk, we recommend visiting IdentityTheft.gov to make a custom recovery plan to protect yourself from identity theft.

Published at N/A

Netchex SOC 1 for Oct 2021 through Sept 2022 is now available!

ComplianceCopy link

Netchex completed its SOC 1 Type II audit for October 1, 2021, through September 30, 2022, audit period and is now available in the Netchex Security Portal.

Our SOC 1 reports on Netchex's controls relevant to User Entities' Internal Control over Financial Reporting (ICFR). Our SOC 1 report is Type 2, which reports on the controls design and operating effectiveness over 12 months.

Download Netchex SOC 1 Type II Report

Published at N/A

Netchex is not affected by the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786.

IncidentsCopy link

Netchex has completed its review and can confirm that no internal corporate systems are vulnerable to OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786.

Published at N/A

Netchex has completed a review of its application infrastructure to confirm that there are no instances of OpenSSL vulnerable to CVE-2022-3602 and CVE-2022-3786.

Additional technical details are below:

All Netchex users connect to the Netchex application through our Web Application Firewall (WAF), which uses BoringSSL instead of OpenSSL. Additionally, all other publicly exposed infrastructure has been reviewed and confirmed to be free of impacted versions of OpenSSL.

The Netchex security team has regularly scheduled scans for all other internal resources to confirm that there are no vulnerable versions of OpenSSL in its corporate environment. We will post an update early next week on the results of these scans.

Published at N/A*

Making Netchex Safe & Secure: What Does it Mean to be Cyber Ready?

GeneralCopy link

A vendor that does not practice cyber readiness can directly impact your ability to conduct business and put your employees and customers at risk. Therefore, it is crucial to have a Benefits, HR, and Payroll partner you can trust.

Netchex is here to help by ensuring the data you entrust us with is safe and cyber ready, as well as provide you with free resources for your business to be cyber ready as well.

Read More: Making Netchex Safe & Secure: What Does it Mean to be Cyber Ready?

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo