Fraud prevention: Client best practices and how Flourish safeguards client funds and information
February 5, 2025
It seems like every day in the news there is a story of another customer data breach or tale of a well-meaning individual being the victim of a scam. In an age where so much of daily life is managed online, it can be easy to feel that a data compromise is inevitable. However, there are steps that customers can take – and expectations they should have of companies, especially their financial institutions – to protect themselves.
At Flourish, we have been entrusted with custody of more than $6 billion for tens of thousands of clients. We hold the responsibility of ensuring the safety of customer information and funds in the highest regard.
This article outlines many of the key steps we take to protect clients. At the same time, it’s critical to recognize that you are the first, and most important, line of defense — and that there are actionable steps that you can take to keep your digital information and funds secure. Without taking an active role in your own security, no financial institution will be able to guarantee the security of your account. "There is no way to guarantee that you won't be the victim of fraud," said Josh Owen, Chief Technology Officer at Flourish. "But you can take simple steps to ensure you aren't an easy target and get real results."

What can you do to safeguard your account?
In order to protect your data and dollars, it is critical that you take an active role in managing your own account security. There are several straightforward steps you can and should take on your end, both with Flourish and other financial accounts.
Use an authenticator app
Rather than just a username and password, Flourish requires multi-factor authentication (MFA) to help prevent unauthorized access to an account. Sometimes referred to as two-factor authentication (2FA), MFA is a security process that adds an extra step when you log in to an account to confirm your identity, such as entering a code from your phone. This makes it more difficult for someone else to access your account, even if they know your password.
While any form of MFA will enhance the security of your account, Flourish recommends use of an authenticator app, which is more secure than MFA via text message/SMS or a phone call. “Clients can create an additional line of defense by using an authenticator app,” said Owen. “Unlike SMS-based MFA, which can be intercepted, authentication codes require access to your mobile phone, and they can’t be ported to another device without your knowledge.” MFA codes should never be shared.

Add a trusted contact person
If we cannot reach you when fraudulent activity is suspected, we have the option to contact the trusted contact person listed on your account to confirm your contact information, health status, or the identity of a legal guardian, executor, trustee, or holder of a power of attorney.


Check your Flourish notification emails
Flourish sends email notifications whenever key account activity takes place, such as when a transfer is initiated or a new bank account is connected. We do this in order to flag unexpected activity to you. Ensure that you read all transactional emails sent from Flourish and reach out to our Support team if you see any unexpected activity. And make sure to add Flourish to your contacts so that messages aren't sent to your Spam folder.
Reach out to the Flourish Support team
If there is ever a question or concern, our Support team is here to help. “Cases of compromised data most frequently involve a client who has their email account compromised, which then exposes their other accounts to fraudulent activity,” said Mahany Ortiz, Client Support Lead. “When a client calls in, we can review their history, bank connections, and recent activity, in addition to freezing your account and doing more complex evaluations to ensure the security of your account. One of the best things a client can do to protect themselves is to make sure their email account is secure through MFA.”


Are there other steps I can take?
Below is a non-exhaustive list of other common best practices to help enhance your online security, which may also enhance your Flourish account security.
Use a modern email provider with MFA enabled on your email account
Ensure you’re using an email provider that adheres to modern security standards and set up MFA on your email account. “Modern email providers such as Google Gmail or Microsoft Outlook offer MFA options, which significantly reduces the risk of compromise and increases the likelihood of detecting suspicious activity,” said Owen. “You'll be in a better position to work with your institutions at which your accounts are held to prevent a stolen password from turning into a more serious situation.”
Use strong passwords
The more complex a password, the more secure the account. Flourish already requires strong passwords with a minimum of 8 characters that include at least one uppercase letter, lowercase letter, number, and special character. We recommend that you always use a unique, strong password for each website. A password manager, such as 1Password, can help you keep track of your passwords across various accounts.
Confirm websites
Be extremely cautious whenever clicking on any link to access your accounts, including Flourish, or when clicking links in emails from unknown senders. Always check that the website address is correct before entering your information: hover over a link to preview the address, and make sure the website name is spelled correctly before clicking on it. Whenever possible, visit websites directly, whether through a bookmark or a search engine.
Freeze your credit
A credit freeze, also known as a security freeze, blocks access to your credit report. This prevents many types of financial accounts from being opened in your name and makes it impossible for unknown parties to apply for credit with your information, which is a common attack vector for stolen login credentials.
While Flourish does not provide credit services, and also does not pull credit during the account-opening process, security experts recommend keeping your credit frozen – as well as the credit of your dependent minors – across the three main credit bureaus: Equifax, TransUnion, and Experian. When you are opening a new account or applying for credit, you can easily schedule a 'credit thaw' to temporarily lift the restriction for a designated period of time.
Use extreme caution if sharing your login credentials
Some clients enter their financial account login credentials into third-party tools, such as budgeting and aggregation applications. Use extreme caution whenever doing so, and recognize this may trigger unexpected login activity.
Add extra phone security
Mobile phones often are an essential component of account management. A few steps you can take to increase your security:
- Make sure you have the latest software updates installed on your phone – as well as your other devices – which offer the most recent security features.
- If someone from your phone provider reaches out and requests information, first confirm their identity or place a call back to the official company phone line.
- Reach out to your mobile service provider to see what additional security measures can be put in place to protect your phone from being compromised.


How does Flourish help ensure the safety of client funds and information?
Ensuring the safety of client funds and information is a top priority at Flourish. We have put numerous measures in place to support these efforts.
Multi-factor authentication
Clients are required to complete multi-factor authentication (MFA) whenever they take certain actions on their account, including logging in, updating bank connections, and scheduling transfers. MFA is also required before executing secure actions, such as changing your profile, if more than 15 minutes have passed since authentication.
Email notifications
For all new account activity, we send an email notification to the account owner(s) to alert them about the action taken. This keeps them informed and, if they see any suspicious activity on the account, they can reach out to the Client Support team.
Strong passwords
Flourish requires complex passwords to reduce the risk of unauthorized access to your account.
Automatic logout
Flourish automatically logs out clients who are inactive for an extended period of time to prevent unauthorized account access.
Holding period for new accounts
Clients can only transfer funds to accounts with which they have previously established a relationship. All newly added external accounts are subject to a four-calendar-day holding period to ensure sufficient time for a client to be made aware of the new account before a transfer can be initiated.

Account monitoring
Unauthorized account activity often begins with a similar pattern of actions. Our security system proactively monitors all accounts for suspicious activity patterns and flags any such activity to our security team for review.
Data protection
Client data is protected at all times with bank-level encryption. Additionally, we run frequent internal and external security scans and audits of our software and systems for signs of any vulnerabilities.
In-house Client Support
Our Client Support representatives are on the front lines against fraud. Having an in-house, US-based support team is a major differentiator for Flourish and ensures that we have a highly-trained team that is closely connected to other teams at Flourish working in concert to protect clients.
Employee training
In addition to a background check, all employees go through ongoing, company-wide training on topics such as data protection, records management, cybersecurity, anti-money laundering, malware, phishing, protecting seniors and vulnerable adults, and more. We also identify high-risk employees who, for example, speak with external parties about wire transfers or have access to customer personal identifying information, and have them undergo additional training.

- Ask for your password or authenticator app code
- Ask for confidential information or sensitive documents via standard email
About Flourish
Flourish builds technology that empowers financial advisors, improves financial lives and retirement outcomes, and delivers new and innovative investment options to advisors. Today, the Flourish platform is used by more than 900 wealth management firms representing more than $1.5 trillion in assets under management. Flourish is wholly-owned by MassMutual. For more information, visit www.flourish.com.