eSIM Go recognises that partners and customers are developing a wide range of applications for delivering our services to end users. There is a lot of technology involved in this delivery. Partners and customers developing applications and handling communications with us should be considerate to the following security points.
Email Security
When a company experiences a security breach it is often through acts of social engineering, because of this, having secure and safe practices with regards to your company email address is vital.
Never follow or sign-in to things via email links from outside the company. Attachments should only be shared internally via a secure medium and never download unknown files. Below are some resources for better understanding email security, there are many more resource on the internet to assist, but we feel these guides help in bringing the most important points forward.
https://www.techtarget.com/searchsecurity/tip/2019s-top-email-security-best-practices-for-employees
https://www.itgovernance.co.uk/email-security
https://www.mailmodo.com/guides/email-security-best-practices/
API Token Security
Your API token is how you authenticate with the eSimGo API. This token is your access authentication and identity. Every effort has been made to ensure security on eSIM Go systems, however, customers and partners are responsible for protecting their access tokens to the eSIM Go API.
By not following best practices a malicious actor could use your API key to access the eSIM Go API and services which could potentially expose information about your company. Below are guides to further elaborate on the importance of API token security.
Please be sure to not share API tokens with the eSIM Go support team, or other members of the eSIM Go team. We do not need this information to provide support to you.
https://www.linkedin.com/advice/0/what-best-practices-securing-api-keys-tokens
https://developers.google.com/maps/api-security-best-practices
https://developers.amadeus.com/blog/best-practices-api-key-storage
Development and Cyber Security Considerations
eSIM Go partners and customers should consider the following OWASP top 10 Web Application Security Risks guidelines laid out on the OWASP website when developing their own applications.
https://owasp.org/www-project-top-ten/
eSIM Go Support
If you are struggling to manage a security breach and need assistance or wish to report a security issue to us then please contact our support desk. eSIM Go will work with you to assist as best we can when issues are brought to our attention.
When raising a ticket about a security breach please be clear in what the issue is. Raise the ticket as a high priority such that the appropriate teams can be engaged, this will require the web form is used to set an appropriate priority. Our teams will raise an incident on our systems and request assistance from within our business appropriate to the breach type and will best advise where we are able using resources that are best placed for the type of issue.