Cyber security

Fraud and cyber security acknowledgement

How we’re protecting you

Client Level

To prevent fraud, we require verbal attestations for any movement to accounts that don’t have standing instructions in place. This means that any request you make to draw or transfer funds will be initiated once you have spoken live to a Balentine team member. While we know the convenience and preference of email and text, we require speaking to you personally for your added protection. This policy has enabled us to avoid fraud on several occasions. In addition, we ensure sensitive information is sent securely by password-protecting documents and providing only clients with the password.

Employee level

As part of onboarding, employees are trained to recognize signs of fraudulent emails and phone calls. This knowledge is practiced and reinforced with regular simulated phishing attacks. Also, we require employees to use a password manager protected with a password that must be changed regularly. This ensures passwords are secure for all Balentine applications.

Firm level

We work closely with other firms to provide the highest level of security and customer service.  First, we contract with information technology firms that monitor our data security, conduct penetration tests, and enable us to respond to ransomware attacks. In addition, we work with vendors like Pershing, eMoney, and Salesforce to store your data and funds securely. Each of these vendors has its own security measures in place as well (linked above). When it comes to electronic communication, we leverage an email encryption service (Zix) that automatically encrypts all emails sent from Balentine domains that include specific keywords. When the email is sent, the system automatically determines if the recipient is also a member of Zix. If the recipient is, the email shows up automatically and is encrypted by the recipient’s public key. This is a quick, transparent solution for those recipients. If the recipient is new to the system, the email is sent to a secure messaging portal that is leveraged to deliver the email.

Steps to protect yourself

If you receive a communication, such as a phone call or email, that purports to be from Balentine and feels suspicious, reach out to us directly to confirm the legitimacy of the communication.

In addition, in a 2014 article on their website, The Securities and Exchange Commission identifies some basic steps to protect all your sensitive information:

Passwords

Ensure passwords contain a mixture of numbers, symbols, and uppercase and lowercase letters which do not correspond to any personal information, like an anniversary date or a pet’s name, or a word that can be found in the dictionary. Do not use the same password across multiple accounts, change passwords regularly, and do not share passwords over electronic messaging, like text messaging or email.

Two-step verification

Two-Step verification adds an additional layer of security to your accounts by requiring a special code in addition to a password to log in. After entering the password, a code will be sent to another account you own, and you must provide that unique code to access the account. You may be familiar with this, as it is required by Pershing.

Exercise caution accessing sensitive information in public

Avoid accessing sensitive information in public, especially on unsecured wi-fi networks. Balentine employees are forbidden for using company laptops on unsecured networks like at hotels or the airport. Rather, we are required to use personal hotspots on our phones. If you must access sensitive information, ensure that the site is secure before entering your password. A secure site is denoted by https rather than http.

You can read the rest of their tips here.

We can’t predict a cyberattack, but we can take steps to prevent it from happening and be prepared to address it if it does. If you have more questions, do not hesitate to reach out to your relationship manager or info@balentine.com.