How we’re protecting you

Client Level

To prevent fraud, we require verbal attestations for any movement to accounts that don’t have standing instructions in place. This means that any request you make to draw or transfer funds will be initiated once you have spoken live to a Balentine team member. While we know the convenience and preference of email and text, we require speaking to you personally for your added protection. This policy has enabled us to avoid fraud on several occasions. In addition, we ensure sensitive information is sent securely by password-protecting documents and providing only clients with the password.

Employee level

As part of onboarding, employees are trained to recognize signs of fraudulent emails and phone calls. This knowledge is practiced and reinforced with regular cyber security training and simulated phishing attacks. We also require employees to use MFA combined with a password that must be changed regularly. This ensures passwords are secure for all Balentine applications.

Firm level

To safeguard our network, devices, and email systems, we utilize Huntress, Cisco, and Microsoft XDR to monitor for irregularities continuously. We conduct quarterly internal and external penetration tests and implement comprehensive cybersecurity response strategies, including ransomware protection and mitigation. Additionally, we collaborate with trusted vendors like Pershing, eMoney, Addepar, and Salesforce to store your data and funds securely, with each of these vendors maintaining their own robust security protocols (linked above). In terms of electronic communication, we leverage Smarsh, an email encryption service that automatically encrypts all outgoing emails from Balentine domains containing specific keywords. Furthermore, we regularly perform business disaster recovery testing to ensure resilience and continuity in any scenario, prioritizing your security and peace of mind.

Steps to protect yourself

If you receive a communication, such as a phone call or email, that purports to be from Balentine and feels suspicious, reach out to us directly to confirm the legitimacy of the communication.

In addition, in a 2014 article on their website, The Securities and Exchange Commission identifies some basic steps to protect all your sensitive information:

Passwords

Ensure passwords contain a mixture of numbers, symbols, and uppercase and lowercase letters which do not correspond to any personal information, like an anniversary date or a pet’s name, or a word that can be found in the dictionary. Do not use the same password across multiple accounts, change passwords regularly, and do not share passwords over electronic messaging, like text messaging or email.

Two-step verification

Two-Step verification adds an additional layer of security to your accounts by requiring a special code in addition to a password to log in. After entering the password, a code will be sent to another account you own, and you must provide that unique code to access the account. You may be familiar with this, as it is required by Pershing.

Exercise caution accessing sensitive information in public

Avoid accessing sensitive information in public, especially on unsecured wi-fi networks. Balentine employees are forbidden for using company laptops on unsecured networks like at hotels or the airport. Rather, we are required to use personal hotspots on our phones. If you must access sensitive information, ensure that the site is secure before entering your password. A secure site is denoted by https rather than http.

You can read the rest of their tips here.

We can’t predict a cyberattack, but we can take steps to prevent it from happening and be prepared to address it if it does. If you have more questions, do not hesitate to reach out to your relationship manager or info@balentine.com.