Information Security Basics in the Crowdfunding Age
Why We Think About Security
With the proliferation of marketplace finance (crowdfunding) platforms, we should ask ourselves whether the rigorous security standards traditional to legacy finance institutions are being sufficiently carried over. Here at EQUITYMULTIPLE, we’re firm in our belief that security should never be compromised, and is top of mind in all areas of our business.
Reports of cyberattacks are on the news at least once a month. Companies of all sizes, and even the federal government, are not immune from hackers trying to steal information. In our industry, where technology is used for such sensitive information as people’s finances, it is imperative that we maintain extremely tight security for our business. In fact, our business relies on security. If our information, as well as our users’ information, is not safe, we cannot survive. Putting time and resources into security is EQUITYMULTIPLE’s top priority as a technology company, and it is the job of each and every employee to provide users with peace of mind that their sensitive personal information is safe in our system.
There are many things you can do to decrease the risk of being victim to a personal cyberattack. These practices are useful to adopt in all areas of the internet, but they are especially important when dealing with platforms like ours that require complex financial information. Some general tips include:
- Safeguard your password: This may seem simple, but it is incredibly important in staying safe on the internet. At EQUITYMULTIPLE, we make it a point to NEVER ask you for your password, nor will we deliver it to you via e-mail.
- If you receive an e-mail asking you to log into your Equity Multiple account, make sure the URL starts with https://www.equitymultiple.com. In addition to keeping your password safe, it is also important to make a strong password (mix of lower case and upper case letters, numbers and symbols) and change it regularly. These simple steps will go a long way in protecting you from a cyberattack.
- Watch for a up-to-date and valid SSL certificate and ensure all connections are taking place over secure networks. The latest version(s) of popular browsers support SSL, and make it easy to see when your information is handled securely.
We take a number of steps to ensure our security practices are some of the best in the industry. To help you understand what we do, we’ve answered some common questions our users may have.
What information do you store? Why do you need this information?
- Personally Identifiable Information (PII) is any information that could reasonably be used to identify you, including your name, address, e-mail address, birth date, financial information, cell or land-line phone number, or any combination of information that could be used to identify you. PII is necessary to comply with federal “Know Your Customer” (KYC) rules so we must collect it in order to facilitate financial transactions, but we do not share or sell your personal information.
- Anonymous Information – information that does not identify you and may include statistical information concerning, for example, your use of our About Us page or the pages on the Site that you visit most frequently. Anonymous Information allows us to constantly improve our site and ensure that we are aligning our services with the interests of our users
How and when do you dispose of my data?
If you request, we will remove your name and all other Personally Identifiable Information from our databases. It may be impossible to remove this information completely, due to IRS and regulatory reporting requirements, ownership in a Project in which you have invested through our Site and the rights thereof, data backups and records of deletions.
Where do you store my data? Is it encrypted?
- EQUITYMULTIPLE’s physical infrastructure is hosted and managed as a Heroku application within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology.
- All sensitive data is encrypted and stored within databases to meet security requirements. Data encryption is deployed using industry standard encryption and the best practices for our technology stack. To better understand encryption technologies, click here.
Reuters: “Data hacked from U.S. government dates back to 1985: U.S. official” by Andrea Shalal and Matt Spetalnick. 6/5/15
Wikipedia: “Transport Layer Security”
Was this content useful?
We'd like to hear from you. Your feedback will help us provide new material that is useful to you.