|
|||
|
|||
Secure File Transfer
|
|
||
Introduction
|
|||
About Federated Shareholder Services Company’s (FSSC) Secure File Transfer Application
Our Secure File Transfer application is an SSL enabled (HTTPs) web application that supports secure file transfers over the Internet for browser based clients. The provided web site is easy to use, convenient, and most of all secure. Security Information
Overview
Increased security necessarily creates greater obstacles, barriers that must be crossed legitimately. Despite the extra effort of carrying keys and taking our time to unlock doors, few of us would choose to forego the benefits of having secure locks on our homes and businesses. Likewise, although we have worked hard to make the Secure File Transfer application security as unobtrusive as possible, the Secure File Transfer application security measures may at times seem to be inconvenient. The security measures are appropriate to the kind of business you are transacting over the Internet. Therefore, when the Secure File Transfer application security does prove to be inconvenient, we ask you to recall that these measures were put into place and are recommended for your benefit. Security Technologies Achieving an appropriately secure environment requires the integration of multiple technologies and techniques. We have taken advantage of the following technologies in the design and implementation of the Secure File Transfer application. Corporate Position Concerning the Handling of Data and Information The following statement is taken from the Federated Hermes Privacy Policy and Notice:
Federated Hermes maintains physical, electronic, and procedural safeguards to protect your nonpublic personal information, and has procedures in place for its appropriate disposal and protection against its unauthorized access or use when we are no longer required to maintain the information. When Federated Hermes shares nonpublic personal information, the information is made available for limited purposes and under controlled circumstances. We require third parties to comply with our standards for security and confidentiality. These requirements are included in written agreements between Federated Hermes and such third-party service providers. Each of the following sections explains an aspect of Federated Hermes’ commitment to protecting your personal information and respecting your privacy.
Security
An essential part of any security scheme is the need to "authenticate" the person attempting to log on. The Secure File Transfer application uses an industry-standard User ID/password implementation to verify that the person attempting to log on to the Secure File Transfer application is who they say they are and that they are an authorized Secure File Transfer application user. In order to log on to the Secure File Transfer application successfully, the user must enter the correct user ID and password. Data Privacy Just as account, transaction, and other information that belongs to your institution should be viewed only by authorized staff, your institution's information will not be available to another institution using the Secure File Transfer application. The system uses web, networking and permission management techniques to create an organizational model that limits delivery and accessibility of your information to your personnel. Note: Should your internal auditors require additional details, they should contact a Systems Client Consultant at 1-800-432-6106. Access Control You are responsible for actively controlling access to the Secure File Transfer application to only your staff who has a legitimate business need. The most frequent cause of security breaches in this regard is human error: simple carelessness or disregard for industry-standard security policies and practices. Examples include: not allowing staff to share passwords and IDs; not allowing the posting of user IDs and passwords on terminals or in other conspicuous locations; requiring users to log off at the end of each session; etc. User-ID/Password Stewardship The stewardship of the Secure File Transfer application user IDs and passwords is essential to creating a secure environment. You should impress upon your staff that their Secure File Transfer application user ID and password is sensitive information. We recommend the following guidelines in the management of user IDs and passwords:
It is important for users to thoroughly familiarize themselves with the Secure File Transfer environment so they can recognize its features and functionality. Attention in this regard can alert users to discrepancies which may signal a potential security problem. For instance, malicious individuals have been known to create "spoof" sites which on the surface look like a popular site but which operate simply to record User IDs and passwords. The Internet address of the bogus site may be a slight variation on the legitimate site's address to increase the chances that an inattentive user will type in the variation instead of the legitimate address. The initial presentation of the bogus site is made to mirror the legitimate site, including a request for the user's User ID and password. These items are then captured and stored. You should impress upon your staff that entering the proper URL correctly is critical. Unless the user is attentive, he or she could connect inadvertently to the wrong site. When connecting to the Secure File Transfer site, care must be taken to insure that the proper Internet address is used. Once the connection is made, attention should be paid to the characteristics of the site which prove or disprove its legitimacy as a secure environment. The correct URL for the Secure File Transfer is: https://sft.federatedinvestors.com We recommend that users bookmark the URL for the Secure File Transfer site and use the bookmark to connect to the Secure File Transfer site instead of typing the URL in the browser's address field. Security Partnership Achieving an appropriately secure data exchange environment requires an ongoing partnership between you and FSSC. The importance of your cooperation can not be overstated. The Secure File Transfer security requires your active participation. Your commitment to the technology, your enforcement of commonly accepted security practices, and your willingness to partner with us in security efforts are the most important ingredients in creating a secure environment. Organizational Changes You should strive to keep us informed in a timely fashion about organizational changes which could affect the Secure File Transfer security. These changes include terminations, reassignments of duties, changes in reporting or problem escalation hierarchies, and so on. Unless you notify us, we have no way of knowing that a staff member has resigned or been transferred or terminated. In particular, allowing staff members to leave your institution without notifying us of the change exposes your institution to the possibility that an ex-employee could use his or her access to the Secure File Transfer to disrupt operational activities. This is especially true of terminated employees who might be motivated to conduct malicious activities. In all cases where staff have been transferred, reassigned or terminated, you should contact us promptly so that the user ID of the former employee can be disabled. Reporting Security Problems We rely on the timely reporting of any security problem or issue you may encounter. Should you identify or suspect a security problem, you should immediately report the circumstances to us so that we can work with you to take appropriate action. You can contact a Systems Client Consultant at 1-800-432-6106. |
|||
|