Statement About Our System Security
We insist on the best and most secure technologies in every category. Operating systems, programming languages, frameworks, app engine, encryption, authentication, authorization, serverware... there are many layers, and every layer has one of the best security records in its field.
Our Security Certifications and Accreditations.
Click here for our response to advisors who have to comply with the Massachusetts WISP Regulation.
All of our systems, and your data, are hosted and stored in Amazon's AWS data centers, which have comprehensive compliance programs and are the same 'cloud' services used by FINRA.
Communication With Our System Is Always Through a Secure Sockets Layer (SSL)
What's SSL?
In short, SSL is the standard method to safeguard communications between computers over the internet. The computers on each end are secured behind their respective 'firewalls' etc, but they need a way to send data to each other through those firewalls.
SSL ensures that your machine can talk to ours privately using the latest standard of data encryption. Even if someone did manage to intercept an SSL data stream they couldn't understand anything inside it.
SSL also ensures that the computers are connected to the precise machines that they intended to - that no other computer can sneak into the conversation or pretend to be one of ours. It's how computers know who they're actually talking to.
How do I know we're using SSL?
You can confirm SSL is being used by noting that http:// in the URL is replaced with https://.
Most current browsers now color-code the https text (in the address bar) to indicate how secure the channel is. Green is best. If ever the https is red (or has a strikethrough font) then the certificate may not have been verified or perhaps is out of date, but your conversation is still safely and fully encrypted.
Please note that we occasionally change or update graphics, which can sometimes trigger minor warnings until we have finished securing them. Meanwhile our data and yours is always encrypted (especially related to your client list and meeting plans).
The Human Element
- Have their own unique login and password (see the Team Management tab).
Said another way, if anyone is using another's login to gain access to The Trusted Advisor Toolkit™, you have allowed potential security breaches.
- Keep passwords private.
- Change passwords periodically.
Password changes are easy; before logging in simply click "Forgot your Password?" to receive an email containing a password reset link.
- When you remove someone from your team, removing their login access is the only way you can be assured they no longer have access.
- If a former member of your team has other team members' login information, your system security is in jeopardy.
- Unlike what you see on TV, "hackers" don't 'crack' encryption, they 'crack' people. It's a form of identity theft.
- If they can obtain enough information to imitate you, they may be able to use that information to get enough security information from others to break into your system.
- Encourage your team not to advertise any common methods they use to select passwords, etc. (even with other team members around the "office water cooler").
- Be suspicious of anyone who initiates any contact requesting personal or sensitive information (such as login information).
- The Trusted Advisor Toolkit™ Security Team
Compliance
Question: For compliance purposes and disclosure of outside business activities, what do you recommend I give our compliance attorney to define my Trusted Advisor work within the Toolkit?
Update 2018: Also see our GDPR Compliance guide.