Carlson Capital Management Security
We use many controls to protect data at Carlson Capital Management. Our electronic data resides in a secure data center, with a documented disaster recovery plan that includes redundant and failover servers, routers and switches. We employ an advanced access control framework that enables secure authentication, records logs of user activity and allows administrators to control which users have access to servers, applications, files, and folders. Limiting who has access to our system dramatically reduces the chance of an unauthorized party accessing confidential data. Data center operations staff follows a best practice system-hardening process to strengthen our core systems and network devices from potential attacks.
Data Center Security
Our hosting provider performs the following information security testing:
- Vulnerability Scans: Regular vulnerability scans are performed to help ensure systems are configured appropriately to reduce the likelihood that vulnerabilities will impact operations.
- Penetration Tests: Periodic penetration tests are performed to help ensure controls are operating as intended. Various scenarios have been used for different tests and processes continue to be changed periodically.
- Audits: SSAE 16 SOC 1 Type 1 and SOC 2 Type 2 audits help evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality and privacy.
CCM Client Portal
The CCM Client Portal provides secure and anytime access to an interactive big picture, real-time overview of all of your CCM-managed accounts. The majority of our clients are using the portal to access their data and quarterly statements. In addition to this being a secure delivery vehicle, not printing your statements (containing account numbers and balances) helps to mitigate identity theft as well.
CCM Business Risk Mitigation Committee
We have an internal committee of colleagues who meet regularly to review the firm’s business practices and procedures with the intent of identifying and addressing potential areas of risk mitigation. The committee consists of a diverse group of colleagues representing teams and departments throughout the firm, ensuring a broad range of representation and coverage for the organization.
An update from Schwab reported that more than 90% of fraud attempts reported by advisors involved a falsified email. In other words, fraudsters use malware to steal email login credentials, then contact advisors disguised as the client.
We share this with you to underscore the importance of our practice of not accepting trade, wire or account transfer requests via phone messages or email. All such requests are required to be made by a live phone call, or in person. We pride ourselves on knowing you and providing personal customer service at CCM and it is never our intent to offend you if we ask you to verify your identity—it is because of the increasing frequency of fraudulent attempts.
We hope these communications on data security have been helpful to you. Again, please contact any of us at Carlson Capital Management if you have questions.