How We Keep Our Investors’ Personal Information Secure Online
Being that security is a top concern for our investors, we make it our top priority at all times.
Developing an online platform that involves personal data and financial information is a challenge in many ways. While the participation process must be flawless for the user, the user’s private information must also remain secure.
At DiversyFund, we knew this from the moment we decided to create a vertically integrated platform for real estate crowdfunding investments. We knew that customers’ personal and financial information needed the right set of security tools to try to avoid the data breaches that seem to be very common in this day and age.
This is why we have integrated a number of security measures into our platform, which strives to protect our investors’ confidential information.
What systems are in place to keep my information secure?
To start, our platform is fully encrypted with an SSL (secure sockets layer) certificate issued by Avast Security. Just look in the top left-hand corner, you will see a green lock showing you the SSL is installed and working properly on our platform. Furthermore, the platform undergoes a daily check for any malicious behavior and will automatically block suspicious activity.
DiversyFund has partnered with VerifyInvestor and FundAmerica to provide top-notch security to investors throughout the entire investment process. FundAmerica has been in business since 1987 and VerifyInvestor since 2013, and both are leading providers for investors and their investments.
Now that you have a general idea of how we are keeping your information secure, let’s go into greater detail on how each system specifically works to keep your personal information secure at all times.
Upon visiting our website, you are already secure likely without even realizing it. Through WPEngine, our hosting and security provider, our platform undergoes numerous daily checks to ensure your information remains secure on our platform.
From entering your information into our registration form all the way to your investment and everything in between, your personal information remains fully encrypted. Additionally, through their security measures, it means our platform is PCI compliant.
With WPEngine blocking more than 150 million attacks on a monthly basis, you can rest easy knowing your information is secure.
But, how are they really protecting my personal information?
- Threat detection and blocking. Their platform dynamically inspects traffic, looking for new kinds of attacks, or patterns of requests from certain locations that indicate nefarious activity, and they block many of those attacks automatically. Their rules evolve constantly to match the ever-evolving hackers’ tactics.
- Blocking web application attacks. Their systems proactively block numerous web attacks and flaws at both the NGINX layer, as well as within WordPress itself.
- Proactive security maintenance. Their engineers perform maintenance regularly where they develop custom plugins to further protect your information when vulnerabilities are uncovered. Furthermore, their system checks for corrupted or insecure files, which are automatically disabled.
- Disk write protection and limitation. Hackers are creative, which means we have to be too. For this reason, there is a detailed log kept of each time the disk is accessed. Additionally, they are protected by limiting what can be written to the disk, so malicious code or vulnerabilities cannot be exploited easily.
Through these meticulous security measures taken by WP Engine, we are able to provide investors with peace of mind knowing their information is safe on our real estate crowdfunding platform.
Now that you’ve registered on the website and feel safe browsing through our investments, you may be wondering how we continue to keep your information safe throughout the life of the investment and we don’t blame you!
Upon choosing an investment to invest in on our platform, you will need to verify your accredited investor status. This process is carried out by a third-party company called VerifyInvestor, which has been in business since 2013 and has never experienced a data breach.
How does VerifyInvestor protect my personal information?
Their security measures extend four levels, which include:
- 128/256-bit data encryption,
- Extended Validation SSL,
- daily vulnerability/malware scanning,
- and a system of firewalls.
Each level of security provides comprehensive protection for all of your information and here’s how:
- Encryption is a series of approaches that privatizes personal information in their databases and while it travels to and from their servers. 128/256-bit scrambles your data and ensures it is secure to the point where it’s inaccessible to hackers without a uniquely generated key.
- The Extended Validation Secure Socket Layer (SSL) certificates are the most trusted option for SSL in modern browsing. EV SSL is a system of validation that requires extensive certification and testing on their end to certify that investors are who they claim to be. Their EV SSL provider is VeriSign, the most trusted provider in this field. Moreover, Symantec gives power to this tool, which is known for providing security solutions to 100% of the Fortune 500 companies.
- Symantec performs daily vulnerability assessment and malware scanning of the VerifyInvestor platform.
- Finally, VerifyInvestor’s firewalls restrict access from external networks and even between internal connections. By default, they deny access to everyone and they only ever allow it upon request. During maintenance, they allow partial access which they are meticulously analyzing during this time.
Even with this level of security, VerifyInvestor takes it one step further when it’s time to enter your information into their system.
They protect investor’s information with the following 3 steps:
- Robust security protocols described above.
- The site provides investors with the ability to hide the personally identifiable information on the documentation they upload. This helps ensure that even the reviewers will not see the investor’s highly sensitive information. Of course, from time to time, reviewers need part of the information from the redaction for verification. In that case, the reviewer may ask the investor to modify the redaction or for an explanation.
- A licensed attorney conducts all reviews, and they are bound by ethical duties and professional responsibilities to keep the information confidential.
Want to know more about VerifyInvestor’s security measures? Click here to learn more.
Finally, when you are ready to make an investment in one of our available opportunities, FundAmerica will come into the picture. FundAmerica is the software system that enables us to legally and efficiently fund our investment opportunities. Their system offers easy-to-implement tools for some of the most complicated back-office pieces of the fundraising process. Using FundAmerica allows us to have access to:
- escrow accounts,
- obtain electronically signed and store investors’ subscription agreements,
- complete background checks for anti-money laundering and PATRIOT Act compliance,
- and implementation of payment processes.
How does FundAmerica implement investor security?
FundAmerica uses Prime Trust, a system that safeguards personal information through its physical, electronic and operational policies and practices. Data can only be read or written through defined service access points, the use of which is password-protected.
Physical Security of Data
Additionally, the physical security of the data is achieved through a combination of network firewalls (there is no direct communication allowed amid the database server and the Internet). Moreover, their servers are equipped with hardened operating systems and are all housed in a secured facility. Access to the system, both physical and electronic, is under tight control and limits access to only those employees or third parties who have a need to know. They do not allow visibility of the users’ Social Security numbers, bank account information, or credit card information via the site.
Furthermore, they also equip their servers with Secure Socket Layer (SSL) certificate technology. Such technology ensures that when you connect to our site you are actually on our site. SSL enters all data into the Site under an encrypted format. To verify SSL is in use, look for the key or green padlock icon on your browser. For further encryption protection, they use a 128-bit encryption for logins and transactions.
Lastly, they use major, industry-leading and PCI compliant data centers and technology partners that host and backup all data.
Learn more about FundAmerica’ s SEC-compliant tools for technology-driven finance and crowdfunding offering.
Can I take measures to protect my personal information further?
Absolutely! There are actually a number of things you can do to ensure you keep your information secure as well.
Close Your Browser Window
For starters, never leave your browser unattended while you are using any platform housing your personal information. If you’re taking a break, simply log out. This will ensure no one else can access your data.
Create a Strong Password
Secondly, you should be using a strong password for any platform housing your confidential information. While some cyber attacks are simply beyond your control, you can control how strong your password is on these platforms.
Take a look at the chart below to see just how quickly hackers can crack your current password:
Tips to create a strong password:
- Take a sentence and turn it into a password. The longer the password, the harder it is to crack. Make the sentence something memorable for you. Thereafter, combine the words with lower and uppercase, abbreviate where you can and include a symbol or two.
- Create a password with 12 characters. Make them random, abbreviate and mix it up as well. When placed into a password checker, a 12-character passphrase shows that it would take about 238,378,158,171,207 quadragintillion years for a brute force attack to crack it.
- The PAO method. Person-Action-Object (PAO). You must select a place of interest, select a familiar or famous person, and imagine a random action along with a random object. The visualization of the place of interest, famous person and random actions will help you remember the sentence. Once again, abbreviate and mix it up. You’ll end up with passwords between 15-18 characters. It would take even longer to crack a password like this.
- Phonetic Muscle Memory. You can use your phonetic muscle to remember how a password would sound but it would differ from the way you write it. For example, drEnaba5Et (doctor enaba 5 E.T.) or BragUtheV5 (brag you the V5).
Mixing characters, including numbers and symbols and making it something memorable are essential for any of these 4 methods. The stronger your password, the better security for your account, so choose wisely.
Don’t Share Personal Information Online
Lastly, you will want to be sure not to share personal information with others online. While this may seem very obvious, you’d be surprised what personal information hackers are using to crack your passwords.
More personal quizzes and “get to know me” questionnaires are popping up on social media, and the fact is that hackers are creating those. And they’re creating them to find out what your passwords are.
But how does a simple quiz on social media give a hacker the data they need?
To start, many people set their passwords to something they can easily remember. This may be their pet’s name, favorite food, sports team, color or another little fact about you. What you don’t realize is even though that information is “harmless” on its own, when put in the hands of a hacker, it becomes exactly what they need to easily crack your password.
Even more so, some of those links have malicious code hidden directly in them, so without you even knowing it a hacker could be right on your mobile phone, simply because you clicked on a link within your social profile.
At DiversyFund, we take investor security very seriously.
A great number of prospective investors inquire about the security measures we are taking on our platform. With so much news about online data breaches, we understand this precaution. That’s why we made sure to gather the best software and security tools available to keep your information safe and secure.
We are proud of the tools that we have developed over the years as we build a safe environment for you to explore real estate crowdfunding investment opportunities for all and we will continue to evolve our security measures as technology changes.