You are safe with us.

Safeguarding client data, keeping compliance happy, protecting your reputation against cyber threats… it’s a lot to think about. Rest assured, we’ve got you covered.

SSL/TLS Ready

Your website comes with Transport Layer Security (TLS) encryption (TLS is a more updated, more secure version of SSL). This feature lets your browser establish a secure connection with the web server by receiving a copy of its certificate, a layer of security that makes it impossible for information to be intercepted. In short, we keep the data on your website safe and secure.

Secure Data Storage

Every piece of data collected about you or your clients is considered private and confidential. This data is stored in our carefully-tested production system, on a secure cloud, with restricted access. All of the information processed and stored in our application is strongly encrypted both in transit and at rest. We integrate the most current SSL/TLS methods with super-strong ciphers.

Powered by AWS

We securely collect and store all data pertaining to your clients and marketing campaigns using state-of-the-art strong encryption. Our service is hosted on the leading cloud platform, Amazon Web Services (AWS). AWS uses the latest in cybersecurity protocols to keep your data locked away, safe from prying eyes while ensuring that your FMG Suite tools are available 24/7.

What can you do to help?

The best cybersecurity is a collective effort. While our platform is built around a secure core, we can’t ensure your safety alone. Here are a few things you can do to help.

Keep your passwords strong, unique, and safe.

It’s vital that you maintain the control and security of your login credentials. FMG Suite supports strong passwords and works with all major password management systems. Some of our clients may also connect Single Sign On to their firm credentials, further enhancing security.

Use our SSL option for your public site.

Your public FMG Suite website has the option to use SSL/TLS encryption for every page. This changes the URL for your site to HTTPS and will cause web browsers to show a SECURE icon to your visitors. In order to use this option, you need to ensure that your embedded content also uses SSL encryption and has an HTTPS link.

Carefully examine external content or links.

We ensure that all our content is safe and free of any malicious code, but we also allow you to link to outside sites. Your clients will associate you with the material you recommend to them, so it is vital to ensure that you only link to safe content. When in doubt, stick with FMG Suite content.

Reference your firm’s security and compliance procedures.

The financial services firm(s) you are affiliated with have cybersecurity policies and procedures in place. Ask your firm how they would like you to use tools like FMG Suite within the security protocols they have in place.

Securely Connected to Compliance

We built our products to address the need to review, retain, and restore data per industry and government regulations. FMG Suite makes a point of reviewing all new features and updates from government agencies like the SEC and State security divisions, industry bodies like FINRA or the MSRB, and regulatory frameworks like HIPAA.

Frequently Asked Questions

Product Security Questions

We securely collect and store all the data regarding your clients and marketing campaigns using state-of-the-art strong encryption. Our service is hosted on the leading cloud platform, Amazon Web Services, where the latest in security keeps your data locked away where you want it while ensuring that FMG Suite is available 24/7.

Yes. We encrypt all data both in transit (as it is added to the system or accessed for your use) and at rest (when it is stored for later use). We use up-to-date ciphers for all encryption and tightly control access to strong encryption keys.

Definitely! We utilize multiple backup methods both in realtime and via periodic snapshots. This is a key feature of our system as it ensures users won’t lose data in the event of an interruption in service, plus it acts as the first step in our long term retention policies.

Sure! It’s important for financial services firms to investigate and document how their information is being handled. Contact us if you have any questions or would like formal documentation.

The FMG Suite is specifically designed to make you a great marketer while meeting every aspect of your regulatory responsibilities. We empower your firm to cover review and retention requirements for federal, state, and self-regulatory organizations. Whether it’s the SEC, FINRA, or your HIPAA responsibilities, we’ve got you covered.

Definitely! Our platform is designed to ensure that Compliance worries don’t prevent you from reaching out to clients. We’ve designed regulatory retention periods into our system from the ground up.

No. Content pending approval or in draft form can only be accessed through our review portal or content editor. We ensure that your marketing material is completely private until it has gone through the review and approval process.

About Our Information Security Procedures

We securely connect with a leading subscription payment processor, Zoura, in order to offer PCI DSS Level 1 (Payment Credit Industry Data Security Standard) protection for clients’ financial information. We do not store or process this information ourselves and ensure that is it encrypted in transit at the highest levels.

As few people as possible! Most of our firm works to create content, provide technical support, and improve our product so are prohibited from accessing any confidential information. We restrict access based both on network access and individual user authentication. Only our DevOps team, our CPO, and our CEO have credentials to access information.

Everybody at FMG Suite must pass a thorough screening at the time of hiring, with elevated requirements for positions involving access to sensitive data. We also require regular training on security procedures and periodically review employee data access.

Our employees are required to use rather complex passwords, including a variety of numbers, letters, and special characters. However, while we support this if your firm requires it, we don’t enforce a minimum requirement for our clients. All passwords are salted and encrypted regardless of how you choose them. Our service can be used with secure password management utilities and enterprise clients can connect to us via Single Sign On.

With great care! We apply industry best practices and careful code review to harden our system against these threats, proactively apply patches to our infrastructure, and utilize a WAF (Web Application Firewall) to detect and block injection attempts.

Both our core services and our clients’ websites are protected by CloudFlare, the leading provider of security against spam, phishing, and DDOS attacks. We also use CloudFlare for WAF (Web Application Firewall) and SSL/TLS encryption on client sites.

Yes. We encrypt all data both in transit and at rest. We carefully manage encryption keys and update our standards as the state of the art advances.

Our service strictly uses HTTPS for every application such that all private data is encrypted in transit. We offer HTTPS for clients’ public sites as well. We use the most current standards and carefully disable older options with known issues. Our standards include TLS 1.2, SSL/TLS certificates using SHA256 with RSA encryption, and modern ciphers using 2048 bit RSA keys. We regularly update our encryption standards and proactively patch against newly discovered exploits.

About Our Data Center

We don’t operate any servers in-house. The FMG Suite service is hosted in the cloud on Amazon Web Services. We may use multiple Amazon regions within the United States. None of our clients’ data is hosted overseas and we have strict controls to keep it within the protected cloud service.

The FMG Suite offices and our production systems are distributed across multiple locations and are portable. In the event of disruption to our cloud service in one location, we are able to seamlessly move the system to another region. This makes us highly resistant to natural disasters and other disruptions.

Absolutely! We regularly test our systems against both internal and external threats. We monitor security threats continuously, apply patches to our infrastructure as soon as possible, and even contract with third party penetration testing.

Of course! Our system provides multiple ways for us to detect and prevent inappropriate access attempts. We have written policies and procedures for detecting and responding to such attempts.

Our service within Amazon Web Services is regularly audited for compliance with industry standards under SSAE 18 guidance. SOC 1, SOC 2, and SOC 3 reports are available upon request. It meets globally recognized standards such as ISO 27001 (Security Management Controls), ISO 27010 (Cloud Specific Controls), and ISO 27108 (Personal Data Protection). It also supports domestic regulatory frameworks such as HIPAA. You can learn more on Amazon’s Compliance site at https://aws.amazon.com/compliance/