Web Security Policy


Managing Security

 

We Care

We understand that you're concerned about the security and privacy of your online transactions. This is why we use end-to-end security to ensure that valuable data such as our installers and support files are encrypted when you get them from our site.

 

Our Website Server

We use best-of-breed, state-of-the-art servers with the following traits:

Physical Servers:

  • Locked, security surveillance monitored
  • Restricted access by policies and practice
  • Uninterrupted backup power

Encryption:

  • Encrypted in-transit with SSL/TLS using 256 bit RSA Encryption
  • Hard Drives Encrypted at rest
  • Folders Encrypted at rest
  • Files Encrypted at rest

Certifications:

  • Australian Government IRAP
  • CDSA
  • CSA CCM
  • DIACAP
  • DISA Level 2
  • FDA 21 CFR Part 11
  • EU Model Clause
  • FedRAMP
  • FERPA
  • FIPS 140-2
  • FISC
  • HIPAA / HITECH
  • IRAP / CCSL
  • IRS 1075
  • ISO 27001 / 27002:2013
  • ISO/IEC 27018:2014
  • MLPS
  • MTCS SS Tier 3
  • NIST
  • NZ GCIO
  • PCI DSS Level 1
  • Singapore MTCS Standard
  • SOC1/SSAE16/ISAE 3402 and SOC2 (WOW, we have all of these!)
  • TCS CCCPPF
  • United Kingdom G-Cloud
  • And more...

 

Encryption In-Transit

We employ state-of-the-art data encryption to ensure safe and secure transactions to our site.

Your computer and ours agree to transpose whatever you are downloading by using an unintelligible "hash" of characters that starts as a 2,048 or longer "key" string to share for decoding and prevent decryption while in transit.  We employ Extended Validation SSL Certificates that use 256 bit RSA Encryption.

Without the information for that shared key on your computer or ours, no one can understand our encrypted communication.  This is the same level of security used for VPN and banking communications.

We do not use a Web Application Firewall (WAF), which avoids the possible man-in-the-middle position that a WAF could introduce.

 

Encryption at Rest:

Files on a hard drive are considered to be "at rest."  Our hard drives use three levels of 256 bit at rest encryption:

  • Hard Drives Encrypted at rest
  • Folders Encrypted at rest
  • Files Encrypted at rest
  • Drive encryption keys are held by a third party and not FinSoft.

This means that if a thief could break into the secure building, bypass all doors, all security and all surveillance, and then grab the correct hard drive, the thief would then need to decrypt the hard drive, then use effort to decrypt each folder, and then use effort to decrypt each file.  Obviously physical data theft is rare, but these measures make it extremely difficult to get data from the server or from the hard drive through physical possession of it.

 

Encryption of our Installers:

The installers for our software use Code Signing Certificates that use 256 bit RSA encryption.  This is an outer layer shell that goes around our installers and the executable files within them, so that any change to the code would cause the file to not run at all.  When you install our software programs, they are indeed built by us.  Code signing also prevents the Windows popup that might read "Publisher could not be verified."  We have been verified, and Microsoft routinely updates those trust certificates so that you get clean and message-free installs.

 

What is SSL / TLS and Why is it Secure?

Secure Sockets Layer, SSL, is the security technology for encrypting a link between a web server and a browser.  All data passed between our web server and your browser remains private and secure using 256 bit encryption with a minimum hash / seed of 2,048 characters. 

The SSL acronym stands for Secure Sockets Layer, but it has been replaced with the acronym TLS, which stands for Transport Layer Security.  The change was mostly due to legal issues with the name SSL, owned by AOL / Netscape; TLS is not proprietary.  Like common household product names such as "Band-Aid," the term SSL has basically stuck over the years.

Whenever you communicate with us, a padlock appears in the top browser bar and the background of the address bar turns green.  You'll also notice that http:// is replaced by https:// (the "s" stands for "secure," and you should expect that from a secure site anyway).

 

SSL/TLS Minimums:

When your web browser connects to our site, it must have a minimum level of encryption support.  Web encryption technology has matured and evolved, and we reject older web browsers that do not provide a minimum level of secure connection or that could allow known exploits.  For example, we reject any browser that has at best SSL2, SSL3 and TLS 1.0 support; these are not good enough for secure communications.  Most modern web browsers support newer standards such as TLS 1.2, which is enabled in default browser settings.  You cannot read this page if you do not meet the minimum that we require.

 

How do Files Get to the FinSoft Server?

Files are uploaded through secure 256 bit encrypted FTP communications.  FTP is a fast file communication standard, and we use it fully encrypted.  Our username and password for uploading are very, very long and complex, and they are then scrambled with 256 bit encryption.

Software users and IT support download files such as Windows patches, virus scan patches, Adobe Acrobat updates, etc. all of the time.  You "trust" that the files coming from those vendor servers are indeed pure and untouched by outsiders because the vendors take due care to upload those files with strong passwords that are encrypted.  We do the same: we Code Sign the programs and the installer of those programs, and we use ultra secure servers to deliver those files to you.  They are encrypted all the way through the process, in transit and at rest on the servers.

 

E-Mail

Our E-mail uses SSL transmission (AES256 bit encryption) and domain authentication using SPF and DKIM public keys.  We also use secure mail vaults for sending sensitive documents.

 

Are we Really FinSoft, LLC?

To generate an encrypted SSL transmission, a web server requires an SSL Certificate. Checking a website's certificate is good practice that helps you avoid spoof websites, sometimes called "phishing" sites.  To check the certificate, click on the padlock in the top of the web browser.  This will show you the name of the owner of the certificate. This name should match the name of the website operator.

We also show the Comodo security website validation icon on our contact page and all download pages.  This technology helps to show that the page is indeed an authentic FinSoft, LLC page (hover your mouse pointer over the icon below):

EV SSL Certificate

Our EV-SSL certificates are issued by a leading certificate authority, Comodo CA. Comodo is WebTrust-compliant, meaning that their business practices and processes have been rigorously audited according to AICPA (American Institute of Certified Public Accountants) guidelines by an independent approved auditor (Ernst & Young).

Comodo Extended Validation certificates enable a high level of encryption.  They also confirm that a company is a legally accountable organization.

To receive the Extended Validation SSL Certificate, FinSoft, LLC had to demonstrate to them that we are an existing business, along with our control over the domain you are visiting.  When you visit us online, you deserve to know who you are interacting with.

Seeing a site with an Extended Validation SSL Certificate confirms two essential factors:

  • That you have a secure SSL/TLS (encrypted) link with this website
  • That this website represents a verified organization
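The two checks described on this page, the protocol floor from "SSL/TLS Minimums" and the certificate-owner check from "Are we Really FinSoft, LLC?", as an added Python example that is not FinSoft's code. It builds a client context that will not negotiate SSLv3, TLS 1.0 or TLS 1.1, and it performs the padlock-dialog check in code: the certificate's organisation must match the site operator and its names must cover the host being visited. The hostname, organisation string and the sample certificate dictionary are constructed for illustration; only the shape of the dictionary (what `ssl.SSLSocket.getpeercert()` returns) is real.

```python
"""Added example, not FinSoft's code: a TLS 1.2 floor plus a certificate-owner
check.  EXPECTED_HOST, EXPECTED_ORG and SAMPLE_CERT are assumptions."""
import socket
import ssl
from typing import Optional

EXPECTED_HOST = "www.example-finsoft.test"   # assumed hostname, not the real site
EXPECTED_ORG = "FinSoft, LLC"               # organisation the EV certificate should name

# Constructed in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": (
        (("businessCategory", "Private Organization"),),
        (("countryName", "US"),),
        (("organizationName", "FinSoft, LLC"),),
        (("commonName", "www.example-finsoft.test"),),
    ),
    "subjectAltName": (
        ("DNS", "www.example-finsoft.test"),
        ("DNS", "example-finsoft.test"),
    ),
}


def build_client_context() -> ssl.SSLContext:
    """Client context that verifies the chain and hostname (the defaults of
    create_default_context) and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def protocol_support(ctx: ssl.SSLContext) -> dict:
    """Which protocol versions the context's floor allows.  SSLv2 has no enum
    member at all: modern OpenSSL builds cannot speak it."""
    floor = ctx.minimum_version
    return {
        name: getattr(ssl.TLSVersion, name) >= floor
        for name in ("SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3")
    }


def subject_field(cert: dict, key: str) -> Optional[str]:
    """Pull one attribute (e.g. organizationName) out of the subject RDN tuples."""
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            if name == key:
                return value
    return None


def hostname_matches(cert: dict, host: str) -> bool:
    """Match against DNS subjectAltName entries only (the commonName is ignored,
    as modern browsers do).  A leading '*.' matches exactly one label."""
    host = host.lower()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern.startswith("*."):
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif pattern == host:
            return True
    return False


def is_expected_owner(cert: dict, host: str = EXPECTED_HOST, org: str = EXPECTED_ORG) -> bool:
    """The padlock check in code: the organisation named in the certificate must
    match the site operator, and the certificate must cover the host visited.
    A domain-validated certificate carries no organizationName and so fails."""
    return subject_field(cert, "organizationName") == org and hostname_matches(cert, host)


def fetch_peer_cert(host: str, port: int = 443) -> dict:
    """Live variant: connect with the hardened context and return the peer
    certificate dictionary.  Not called below, so the example runs offline."""
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    print("protocol floor:", protocol_support(build_client_context()))
    print("sample cert is expected owner:", is_expected_owner(SAMPLE_CERT))
```

`fetch_peer_cert` is where a real check would plug in; `ctx.wrap_socket` already refuses the handshake if the server only offers a legacy protocol or presents a certificate that does not chain to a trusted root, and `is_expected_owner` adds the organisation comparison that plain hostname verification does not perform.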

FinSoft Web Security Policies v1, effective date January 1, 2017