Security and Privacy at Phillips Ormonde Fitzpatrick
At Phillips Ormonde Fitzpatrick, we understand the paramount importance of safeguarding your sensitive information. As a leader in the industry, we prioritise security and data privacy. Our commitment to protecting your data is woven into the fabric of our firm, and we employ multi-faceted, cutting-edge measures to ensure the highest standards of security.
Our robust security infrastructure is designed to withstand the ever-evolving landscape of cyber threats. We employ the latest technologies and industry best practices to fortify our systems against unauthorised access, data breaches, and other potential risks. Our multi-layered security approach ensures that your information is safeguarded at every level.
The foundation of this approach is our adoption of the following security principles:
- Control implementation evolves continuously to improve effectiveness and auditability.
- Access is granted based on the principle of least privilege.
- Security controls are applied consistently across all areas of our firm.
Data Encryption for Privacy
Your data is precious, and we treat it as such. All data transmissions within our systems are encrypted using industry-standard protocols, guaranteeing that your information remains confidential and secure.
All file-based datastores with customer data are encrypted at rest. We use TLS everywhere data is transmitted over potentially insecure networks. TLS keys and certificates are managed by Azure for cloud-based encryption and managed on our own internal servers for on-premises solutions.
In an era of increasing data regulations, we recognise the significance of compliance. Phillips Ormonde Fitzpatrick adheres to all relevant data protection laws, ensuring that your information is handled ethically and legally. We are committed to implementing SOC 2 compliance to provide our clients with the peace of mind that comes from knowing their data is managed with the utmost care and in accordance with the highest standards.
Continuous Monitoring and Threat Detection
Our experienced administrators employ real-time monitoring and advanced threat detection tools to identify and neutralise potential security risks promptly. This proactive approach allows us to stay one step ahead of cyber threats, maintaining the integrity and security of your data.
We use a combination of time-proven open-source monitoring software and cutting-edge commercial offerings from Microsoft, Sophos, and ManageEngine.
We engage annually with various penetration testing consulting firms, who are commissioned to test our systems both externally and internally. In addition to this, we conduct our own internal penetration testing.
Vulnerability and compliance scanning takes place around the clock via multiple endpoint management and monitoring platforms, with alerts of detections and events going directly to administrators. Reports are generated regularly to analyse the overall effectiveness of these systems.
All corporate devices are centrally managed and protected by anti-malware software. We enforce secure configuration of endpoints, screen lock configuration, and software updates. Software restriction policies ensure that only applications we explicitly approve can run on our endpoints.
Critical software vulnerabilities are automatically patched by our management software upon release to ensure we are operating as securely as possible.
Secure Remote Access
We utilise Citrix Secure Access and Duo’s multi-factor authentication platform to protect connections to our network. Sophos and VMware VSX firewall appliances block all unnecessary traffic through our wide-area network. This WAN runs over a proven MPLS framework for maximum security.
Administrators are required to use an additional layer of identity protection, with multi-factor authentication required to access workstations as well as the VPN.
By default, we block access to our network and user authentications from foreign locations and devices. Only corporate devices can be used to access our data.
Phillips Ormonde Fitzpatrick provides comprehensive security training to all employees upon onboarding and annually through educational modules on third-party platforms and from content generated by our own System Administrators. Our security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.
We strive to educate our staff on an ongoing basis. It is our goal to ensure every person who handles sensitive information is aware of its impact and can identify the most common threats to our security posture. A strong foundational understanding helps our staff to stay vigilant and provides excellent data defence.
With a combined 80+ years of experience in our IT department alone, we have a wealth of experience to draw upon to achieve this goal.