Client Portal Security Measures

"Our Client Portal is the Most Secure Client Portal available on the market."

Your data is protected in secure environments. Most Client Portals provide 5 or 6 layers of security. Our host protects you with 13 Layers of Security.

1. SAS 70 Certified Datacenter
Not all datacenters are alike. You don't want your data hosted on a low-cost, "cheap" datacenter. The best datacenters are SAS 70 Type II certified. That means a specially trained CPA Firm performed an in-depth audit attesting to the fact that the datacenter has sufficient processes, controls, and safeguards to keep your data safe from theft, corruption, or mishandling.

2. Encrypted File Storage
Almost all Client Portal providers encrypt the data as it's transferred to the server. But what they fail to do is encrypt the data when it's on the server. Since the data spends almost all its time on the server, we feel it's necessary to store the data in an encrypted format.

3. High-Level Filename Obfuscation
As an additional level of security, all of the filenames stored on the server are unrecognizable. Instead of meaningful filenames, they are listed as a random set of characters and numbers.

4. Forced SSL Transfer
The best way to protect your data is to transfer the data over a Secure Sockets Layer (SSL) connection. SSL encrypts the data so it's useless to anyone who goes through the effort of capturing it.

5. SQL Injection Protection
Our Client Portal renders SQL Injection attacks useless because it utilizes the "Best Practice" of parameterized data calls.

6. Brute Force Login Protection
You are protected from Brute Force attacks because after 3 incorrect login attempts the Client Portal uses CAPTCHA technology, which requires a human to read an image that appears. This stops computer programs from guessing correct user and password combinations.

7. Strong Password Policies
Weak "easily cracked" passwords are unsafe. The Client Portal never allows weak passwords. We require our clients to create passwords that meet certain levels of strength.

8. State-of-the-Art Firewall
Our Client Portal's host uses a state-of-the-art CheckPoint UTM-1 Edge Firewall that is configured with the least number of ports open and advanced IP restrictions.

9. Real Time Virus Scanner
The servers are continually scanned for viruses and the virus database is updated every hour.

10. FireSlayer - Denial of Service Attack Protection
The servers are additionally protected from denial of service attacks. A denial of service attack is made when a virus infects thousands of computers on the Internet. Then all those infected computers make repeated requests to a single server. The targeted server often can't handle the load, and it crashes. The FireSlayer system detects this kind of activity and automatically blocks the abusive traffic on the fly.

11. TippingPoint - Intrusion Prevention System
This system fully inspects every packet of data coming to the servers, and then determines whether it's legitimate or malicious. This instantaneous form of protection is the most effective means of preventing attacks from reaching their targets.

12. Detailed Audit Trails and Reporting
All accounting firms must comply with the Gramm-Leach-Bliley Act and are specifically accountable for the safe and verifiable delivery of sensitive information. Firms must additionally make sure the intended recipient is the only recipient. The Client Portal provides records of every transaction to assist us in our auditing.

13. Operating System Hardening and Patch Management
Our host servers are continually updated with the newest OS patches, hotfixes, and updates to reduce the threat of security attacks and system downtime.

These advanced security measures are fully compliant with Sarbanes-Oxley and Gramm-Leach-Bliley.

