Xoxoday maintains a documented and actively enforced remote workstation security strategy that applies full disk encryption, endpoint detection and response, multi-factor authentication, and data loss prevention to every employee device operating outside a trusted network.
Device-Level Encryption
Every Xoxoday company-issued workstation runs full disk encryption by default. Windows devices use BitLocker; macOS devices use FileVault. This ensures that if a device is lost or stolen, the data stored on it remains inaccessible to unauthorised parties — a baseline requirement under Xoxoday’s alignment with ISO 27001 and SOC 2 Type II standards.Endpoint Detection and Response
Xoxoday deploys advanced endpoint detection and response (EDR) software on all company devices. EDR goes beyond traditional antivirus by offering real-time behavioural threat detection — identifying anomalous activity patterns rather than relying solely on known malware signatures. This means threats that have never been seen before can still be flagged and contained before they cause damage.Authentication and Access Control
All access to Xoxoday’s internal applications and systems from remote locations requires multi-factor authentication (MFA), using one-time passwords or authenticator apps. Combined with role-based access control (RBAC), employees are only permitted to reach the specific resources their role requires. For example, a team member using Xoxoday’s rewards administration panel from a home network must authenticate through MFA and is restricted to the data and actions that match their assigned role — nothing more.Patch Management and Monitoring
Remote workstations are automatically enrolled in Xoxoday’s centralised patch management system, ensuring operating system and application updates are applied promptly without relying on individual employees to initiate them. Simultaneously, SIEM tools aggregate logs from remote endpoints and flag anomalies — unusual login times, unexpected geographic access, or high-volume data queries — for review by Xoxoday’s security operations team.Data Loss Prevention
Xoxoday enforces data loss prevention (DLP) policies that restrict removable media usage, control data transfers, and prevent sensitive information from leaving the organisation’s boundaries through unapproved channels. These controls apply regardless of whether an employee is working from a coffee shop, a co-working space, or their home network. Together, these controls form a consistent and auditable security posture that protects Xoxoday’s institutional data wherever work happens. Learn more: Xoxoday Help Centre — Data, Policy & PrivacyHow does Xoxoday handle data encryption at rest?
Learn how Xoxoday protects stored data using AES-256 encryption across databases, backups, and file systems.
Does Xoxoday support multi-factor authentication?
Understand how Xoxoday enforces MFA across internal systems and customer-facing portals to prevent unauthorised access.