Good security is not only robust in defense but takes weaknesses into account. We start with the premise attackers have an advantage. While we must secure many possible entry points an attacker needs to only find one. For this reason our policy is limiting the damage which can occur in the event our defenses are compromised. Our model includes:
1. Keeping sensitive information offline. Documents are not stored online.
2. No online hot wallets.
3. Secure password management. Passwords are never emailed, and are handled with the highest level of security. Users don't choose their own passwords which may be weak or repeated elsewhere. Instead passwords are assigned, salted and hashed.
4. We do offsite data backups frequently.