Data that could be considered sensitive is held at Royal Alliance/Pershing LLC., Tamarac, and in our Document Management platform (SharePoint by Microsoft).
Client data is essentially “insured” in the event that there is any compromise not at the fault of a Cassaday & Company employee, where the vendor takes full responsibility and will take necessary actions accordingly. This has never happened to us or our vendors. Any and all vendors who may handle sensitive data are thoroughly vetted from a compliance and safety standpoint, and anyone we use is domiciled in the United States. Our lawyers also get involved in every vendor sign-on process to ensure everything checks out.
It is. Sensitive information is left out of the body of emails, and transmissions are encrypted through an encryption certificate on the email itself or sent using our encrypted document transmission software, ShareFile by Citrix. Data uploaded or downloaded from our Cassaday Portal is encrypted with bank-level 128-bit SSL protection in both directions.
Yes. We have scheduled (and surprise) technology audits performed by FINRA and Royal Alliance on a yearly basis, ensuring we are following all SEC standards. We consistently score perfectly on these audits and surpass what is required by the SEC from a security standpoint. We also use a full-time Managed Service Provider who does a quarterly audit on the fidelity of our systems. We were recently required by Royal Alliance to install automated cybersecurity compliance software on any device that accesses client data, in and outside of our office.
We do various forms of penetration testing on a consistent basis. These include internal “tests” to ensure employees are educated on keeping data secure. Since we have no physical servers on-site, our penetration tests revolve around the hardening of our cloud environment(s). While we can't speak to the frequency with which our vendors perform these, we know all of them make massive investments into the security of their data.
Chad Cassaday, Director of Information Technology for Cassaday & Company, Inc., is a Microsoft Certified Professional (MCP) as a Microsoft Certified Technology Specialist (MCTS) in Windows 7 configuration and security, a Microsoft Certified Solutions Associate (MCSA) in Windows 10, and a Microsoft Technology Associate (MTA) in Security Fundamentals. He also has a Security+ certification from CompTIA and is currently studying for the ISACA CSX Cybersecurity Fundamentals certificate. Our MSP requires that its employees have a full range of designations and certifications.
We do. We regularly distribute and update computer policies, and our penetration tests include ‘pop quizzes’ that focus staff training on things like spotting fake emails, avoiding malicious file downloads, etc. On the advice of our Technology Client Advisory Board, we also require employees to take regular cybersecurity exams, with training and testing provided by professional testing services.
The odds of losing money in a breach with us are very slim, but you are insured by the SIPC up to $500,000, with additional insurance provided by Pershing LLC. to an unlimited amount.
Cassaday & Company, Inc., is acutely aware of the disruptive threat that ransomware poses and takes greater-than-necessary steps to protect information from this type of attack.
Cassaday developed its protection and action plan based on what the National Institute of Standards and Technology identified as the "five primary pillars for a successful and holistic cybersecurity program."
Read "How does Cassaday & Company protect against ransomware attacks?" for more detailed information regarding Cassaday's protective measures.
It's important to note that while not all attacks can be completely prevented, Cassaday & Company safeguards against ransomware threats by consistently changing and adapting its security methods.