- Our Information Security department requires antivirus/anti-malware (AV/AM) technology on all personal computers, external network connections and electronic mail servers.
- Our external network connections are protected by firewalls that screen incoming and outgoing traffic.
- We’ve put into place commercial intrusion and detection tools that identify, block and respond to unauthorized attempts to access our information systems.
- We research best practices across various industries and add digital forensics and investigative tools to help protect your personal information and financial transactions.
- We regularly monitor transactions for suspicious or unusual patterns of behavior. If we suspect fraud, we will contact you directly or work with your Edward Jones team, as necessary, to identify the problem and take corrective actions.
- We use multiple encryption methods when sensitive information travels online or outside our controlled environment. We also encrypt sensitive data when it’s at rest, which provides added protection while it’s stored.
- Our information systems are configured with authentication tools and procedures, such as multifactor authentication, to help confirm the identity of people logging in. They also enforce password controls for access to sensitive information.
- We restrict access to your information based on our employees’ roles and clearance levels. We share your personal information only with companies with whom we have a relationship to enhance your experience with our firm. We do not sell or provide your information so that other companies can market their products to you.
- We create backups of critical data on a regular basis and operate data centers in two geographically distant locations to help us recover quickly in adverse circumstances.
- We regularly assess key information security controls, including data protection, through internal audits and testing. We also perform vulnerability assessments, including penetration tests that simulate attempts to hack into our systems.
- We manage vulnerabilities by documenting standards for security capabilities and requirements for server and workstation configuration. We test and evaluate regularly to ensure security controls are maintained and functioning in accordance with our stated policies. These initiatives include vulnerability scanning, research and remediation procedures.
- We use a formal development methodology to build, enhance and maintain our information systems. Tools in this process, such as automated scans and periodic audits of code before it’s implemented, help to protect against errors that might create vulnerabilities.
- Several comprehensive assessments by outside security experts each year confirm our information security systems meet the highest standards. These assessments include additional penetration tests where independent experts attempt to hack into our systems using the latest tricks and tools available to them.
- All employees are subject to criminal and credit background checks at the point of hire. Employees in our Technology division, as well as all employees who are licensed to provide or supervise investment services, are subject to recurring criminal and credit checks during their employment. We also require background checks for service provider personnel who work at our facilities, including Edward Jones offices, or who have access to sensitive Edward Jones information.
- We offer and require privacy and information security training for all employees. Training covers compliance with our Information Security policies as well as applicable laws and regulations. All employees complete annual training on information security and the safeguarding of client accounts and information. Throughout the year, we remind or alert employees of important security concepts through internal news articles, and we periodically test their knowledge and awareness by sending them simulated phishing emails.
- Specially trained employees in our Information Security department focus on cybersecurity protection and threat intelligence, detection and response.
- Dedicated leaders serve as chief privacy officer and chief information security officer to ensure our internal privacy and security policies reflect our commitment to protecting clients. They also ensure policies comply with applicable rules and regulations, and coordinate a variety of audits and examinations to demonstrate compliance.
- We extensively evaluate companies with which we share your personal information. We strive to hold them to the same standards as we hold ourselves and, therefore, help ensure they treat your information with the care and responsibility it deserves.
- We manage physical access to our facilities based on the sensitivity of assets held at each location. Strategies include card readers, biometric readers and video surveillance, augmented by 24-hour on-site security. Anyone requiring routine access to our facilities must use a verified security access badge to enter a building. For service provider and other third-party access, we maintain sign-in documentation, a records and authorization process for photographic visitor badges, and a visitor escort policy.
- We analyze real-time intelligence on U.S. cyberthreat activity from the FBI and U.S. Secret Service, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Financial Services Information Sharing and Analysis Center to protect our systems against emerging threats. We also monitor and submit suspicious activity reports to the Financial Crimes Enforcement Network (FinCEN) operated by the U.S. Treasury Department.
- We research best practices across various industries to understand the latest advances in security and add tools to help protect your personal information and financial transactions.
- We follow industry-based standards tailored to our environment, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework.