Keeping your data safe and private is of utmost concern to us. We utilize a range of security and encryption techniques to ensure that your data maintained in a secure, off-site, state-of-the-art datacenter. Our infrastructure and network environment is provided and managed by Newtek Technology Solutions, a wholly owned portfolio of Newtek Business Services Corp. (NASDAQ: NEWT).
Physical Infrastructure Security
The network environment utilizes multi-tiered security measures to ensure the physical security of your data, including 24/7/365 professional security, video surveillance, biometric retinal scanning, and a mantrap entry point.nsite, third-party professional security team monitors the datacenter at all times, every day of the year, with high-tech electronic, motion, and video surveillance, in addition to our own 24/7/365 staff.
- Mantrap entry point features bulletproof glass, weight-measurement to deter unauthorized "piggy-backing", and state-of-the-art biometric retinal scanning.
- If an unauthorized individual attempts to enter the datacenter through the mantrap, an alarm is activated and the man trap doors lock and trap the unauthorized individual inside.
Audited Procedures and Controls
The environment has successfully completed the SSAE 16 (SOC 1) audit, which is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA).
- Their procedures and controls were formally and thoroughly reviewed, evaluated and found to meet this standard by an independent accounting firm.
- The audit included comprehensive reviews and tests of their infrastructure, including datacenter operations, server monitoring, and security measures, demonstrating that the proper procedures and safeguards are in place to protect websites and critical data.
Denial of Service Attack Protection
DoS or Distributed DoS (DDoS) attacks attempt to bring systems down by consuming resources or exploiting vulnerabilities.
- Firewalls and load balancers provide protection by constantly analyzing network traffic and disabling / blocking abnormal usage.
- Intrusion detection and prevention systems look for patterns in network traffic to detect and prevent intrusions.
Vulnerability scans are considered an essential tool in our efforts for a secured environment. We work with Approved Scanning Vendors (ASV) to identify potential vulnerabilities allowing for proactive, remedial action to be taken in terms of configuration changes or the implementation of further controls.
Application Level Security
We use encryption techniques on all access routes. All data transmission, including uploads, downloads, and browsing is encrypted using PKCS#1 SHA-256 with RSA encryption and 2048 bit SSL. Passwords must meet our stringent requirements and are always encrypted. 2FA (two-factor authentication) is offered and highly recommended.
Accessing your account using your browser is just as safe as conducting a banking transaction.
Data Security Policy
To request a copy of our Data Security Policy, please contact us.