Your data is safe with us

FMG takes cybersecurity/data protection very seriously. 


Multi-tenant Platform

Our platforms are multi-tenant by design. This means you are not overspending on more hardware capacity than you need for your website but instead sharing space to fully utilize our servers. At the same time, our application design keeps your data separate from our other customers’ data.

SSL/TLS Ready

Your website comes with Transport Layer Security (TLS) encryption (TLS is a more updated, more secure version of SSL). This feature lets your browser establish a secure connection with the web server by receiving a copy of its certificate, a layer of security that makes it impossible for information to be intercepted. In short, we keep the data on your website safe and secure.  


CloudFlare Web Application Firewall and DDoS protection

As another industry leader, CloudFlare takes website security and availability seriously. CloudFlare’s Web Application Firewall protects our servers from even the most advanced cyberattacks and large-scale denial-of-service attacks. They provide the tools for us to easily manage the traffic coming from the internet to keep your website online.


17a-4 Compliant Retention

We know that compliance with industry regulations is important, so we have taken steps to store our backups following the advice of Amazon and Cohasset Associates. Even we cannot intentionally or accidentally remove your historical data before it is appropriate to do so.


Data is safe with us

Industry-leading Cloud Datacenter

FMG takes cybersecurity/data security very seriously. We partner with Amazon AWS and Google Cloud Platform, the industry-leading cloud platforms, to provide:

  • Better than 99.9% Uptime
  • Fault tolerance and Geographical diversity
  • Datacenter Security
  • Easy Disaster Recovery
  • Quick scale-ups

 

We've got you covered

Industry Best Practices

We follow best practices for our industry. If you are a customer (or prospective customer) of ours, you can ask for more detail about these policies. This includes important topics such as:

  • Password Security and Multi-factor Authentication
  • Encryption
  • Backups and Disaster Recovery
  • Privacy
  • Network Security
  • Training

Test and QA

Security Testing

We complement our internal security expertise with external partners to review and test every aspect of our platform and security policies and procedures. This includes a penetration test of the platform conducted at least annually. The most recent report is available upon request.

Keep Your Data Private

Privacy

The majority of data we require is public and intended to go on your website or social media. Any sensitive personal data, such as billing information, is secured in separate systems maintained by industry leaders in data security. We will never ask you for unnecessary personal data.

Frequently Asked Questions

Product Security Questions

What security features do you offer?

We securely collect and store all the data regarding your clients and marketing campaigns using state-of-the-art strong encryption. Our service is hosted on the leading cloud platform, Amazon Web Services, where the latest in security keeps your data locked away where you want it while ensuring that FMG is available 24/7.

Is our data encrypted?

Yes. We encrypt all data both in transit (as it is added to the system or accessed for your use) and at rest (when it is stored for later use). We use up-to-date ciphers for all encryption and tightly control access to strong encryption keys.

Is your user data backed up?

Definitely! We utilize multiple backup methods both in real time and via periodic snapshots. This is a key feature of our system as it ensures users won’t lose data in the event of an interruption in service, plus it acts as the first step in our long-term retention policies.

Can you provide our firm with due diligence or cybersecurity information?

Sure! It’s important for financial services firms to investigate and document how their information is being handled. Contact us if you have any questions or would like formal documentation.

Do you meet regulatory requirements?

FMG is specifically designed to make you a great marketer while meeting every aspect of your regulatory responsibilities. We empower your firm to cover review and retention requirements for federal, state, and self-regulatory organizations. Whether it’s the SEC, FINRA, or your HIPAA responsibilities, we’ve got you covered.

Do you meet document retention requirements?

Definitely! Our platform is designed to ensure that Compliance worries don’t prevent you from reaching out to clients. We’ve designed regulatory retention periods into our system from the ground up.

Can search engines index our content before approval or publishing?

No. Content pending approval or in draft form can only be accessed through our review portal or content editor. We ensure that your marketing material is completely private until it has gone through the review and approval process.

About our Information Security Procedures

How does FMG process payments and protect credit card data?

We securely connect with a leading subscription payment processor, Zuora, in order to offer PCI DSS Level 1 (Payment Card Industry Data Security Standard) protection for clients’ financial information. We do not store or process this information ourselves and ensure that it is encrypted in transit at the highest levels.

Who can access clients' information stored by FMG?

As few people as possible! Most of our firm works to create content, provide technical support, and improve our product, and so is prohibited from accessing any confidential information. We restrict access based both on network access and individual user authentication. Only our DevOps team, our CPO, and our CEO have credentials to access information.

What sort of due diligence is performed for your employees?

Everybody at FMG must pass a thorough screening at the time of hiring, with elevated requirements for positions involving access to sensitive data. We also require regular training on security procedures and periodically review employee data access.

What is your password complexity policy?

Our employees are required to use rather complex passwords, including a variety of numbers, letters, and special characters. However, while we support this if your firm requires it, we don’t enforce a minimum requirement for our clients. All passwords are salted and encrypted regardless of how you choose them. Our service can be used with secure password management utilities, and enterprise clients can connect to us via Single Sign-On.

How do you combat SQL and XSS injections?

With great care! We apply industry best practices and careful code review to harden our system against these threats, proactively apply patches to our infrastructure, and utilize a WAF (Web Application Firewall) to detect and block injection attempts.


How do you protect against DDoS and other malicious attacks?

Both our core services and our clients’ websites are protected by CloudFlare, the leading provider of security against spam, phishing, and DDoS attacks. We also use CloudFlare for WAF (Web Application Firewall) and SSL/TLS encryption on client sites.

Is all client data encrypted?

Yes. We encrypt all data both in transit and at rest. We carefully manage encryption keys and update our standards as the state of the art advances.

What about SSL/TLS?

Our service strictly uses HTTPS for every application so that all private data is encrypted in transit. We offer HTTPS for clients’ public sites as well. We use the most current standards and carefully disable older options with known issues. Our standards include TLS 1.2, SSL/TLS certificates using SHA256 with RSA encryption, and modern ciphers using 2048-bit RSA keys. We regularly update our encryption standards and proactively patch against newly discovered exploits.

About our data center

Do you operate your own servers? Where is your data center?

We don’t operate any servers in-house. The FMG service is hosted in the cloud on Amazon Web Services. We may use multiple Amazon regions within the United States. None of our clients’ data is hosted overseas and we have strict controls to keep it within the protected cloud service.

How is your server center resistant to disasters?

The FMG offices and our production systems are distributed across multiple locations and are portable. In the event of disruption to our cloud service in one location, we are able to seamlessly move the system to another region. This makes us highly resistant to natural disasters and other disruptions.

Are your systems tested for vulnerabilities or security flaws?

Absolutely! We regularly test our systems against both internal and external threats. We monitor security threats continuously, apply patches to our infrastructure as soon as possible, and even contract for third-party penetration testing.

Do you monitor for intrusions?

Of course! Our system provides multiple ways for us to detect and prevent inappropriate access attempts. We have written policies and procedures for detecting and responding to such attempts.

What data security standards apply to your data center?

Our service within Amazon Web Services is regularly audited for compliance with industry standards under SSAE 18 guidance. SOC 1, SOC 2, and SOC 3 reports are available upon request. It meets globally recognized standards such as ISO 27001 (Security Management Controls), ISO 27010 (Cloud Specific Controls), and ISO 27108 (Personal Data Protection). It also supports domestic regulatory frameworks such as HIPAA. You can learn more on Amazon’s Compliance site at https://aws.amazon.com/compliance/
