At SavvyMoney, safeguarding your data is more than a commitment - it's an integral part of our DNA. We consider it our prime responsibility to uphold unrivaled confidentiality, privacy, and security standards to shield your data.
Explore further by selecting any topic card, or enhance your access to comprehensive knowledge base responses and downloadable documentation by setting up an account.
Documents
Documents
We proudly announce that SavvyMoney has achieved the Cloud Security Alliance (CSA) STAR Level II Certification. This prestigious certification underscores our unwavering commitment to cloud security and data protection.
The CSA STAR Level II Certification is a rigorous, independent assessment that evaluates the security measures we have implemented to protect our clients' data. This certification validates our robust security framework and demonstrates our dedication to maintaining the highest cloud security standards.
At SavvyMoney, we strive to give our clients the utmost confidence in our security practices. Achieving the CSA STAR Level II Certification reinforces our promise to safeguard sensitive information and deliver exceptional service.
Please login to download the CSA STAR Level II Certification.
Dear IT Teams,
As part of our commitment to maintaining the highest standards of email communication security and compliance, SavvyMoney is actively updating our email server configurations. We strongly encourage you to review and update your email server settings. This initiative is crucial for avoiding delivery issues and fortifying the security of our mutual email interactions.
Important Update - TLS Configuration and Certificate Verification:
Starting March 31st, 2024, SavvyMoney will enforce stricter security measures regarding email communications. Specifically, we will verify the validity of public TLS certificates and ensure that hostnames match accordingly. This measure is crucial to maintaining secure and trusted communication channels. If your organization's email servers possess certificates that need to be updated or valid according to these new standards, SavvyMoney cannot send emails to your domain. This step underscores our commitment to safeguarding our digital ecosystem against potential security threats.
Recommendations for IT Teams:
- Please review and Update TLS Certificates: Ensure all certificates are current and valid and properly match the hostnames to comply with our upcoming security protocols.
- Verify DNS Settings: Reassess your DNS configurations, focusing on Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting & Conformance (DMARC), and DomainKeys Identified Mail (DKIM) settings. Correct and secure DNS settings are vital for email authentication and protection against malicious activities.
TLS Configuration and Enforcement by Major Providers:
Please remember that major email service providers, such as Office365 and Google, have mandated using Transport Layer Security (TLS) and certificate validation since 2020. If your email servers are not aligned with these practices, we recommend taking immediate action to ensure compliance. Thank you for your prompt attention to this crucial matter.
We are pleased to announce that our organization has completed the SOC 2 Type II audit from March to September. This achievement demonstrates our ongoing commitment to maintaining high standards of security, availability, processing integrity, and confidentiality of our systems and services. Please login to download the latest report.
We have proactively addressed the HTTP/2 Rapid Reset Attack vulnerability. Last night, on October 11th, we adjusted our Nginx thresholds to minimize the potential for such attacks. We are also in close communication with Nginx, awaiting further patches to bolster our server's defenses even more.
To address concerns regarding potential exploitation: We have not detected any exploitation of this vulnerability in our environment at this time.
For our clients' peace of mind:
- Our API and widget services are safeguarded against this vulnerability thanks to AWS WAF's automatic mitigation.
- Our educational platform remains secure, as Cloudflare automatically protects it from such vulnerabilities.
Your security is our top priority, and we continue to take every necessary step to ensure the safety and reliability of our services.
Update 09/11/2023
SavvyMoney has chosen to continue support for the ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher suite, which is frequently utilized by the legacy Windows Server 2012. Please be advised that Microsoft's Extended Support for Windows Server 2012 and its R2 variant is set to conclude on October 10th, 2023.
For our partners' convenience and preparation, SavvyMoney will maintain support for ECDHE_RSA_WITH_AES_256_CBC_SHA384 only up to December 31st, 2023. We urge our partners to use this time to facilitate necessary upgrades.
SavvyMoney Security Team
Dear Valued Partner,
We're excited to inform you of essential security upgrades that we have undertaken to enhance the protection of your data.
Enhanced Security Measures: In our commitment to provide exceptional security and align with industry standards, we have integrated new security ciphers in line with SOC2 and the latest PCI 4.0 compliance. These ciphers represent the cutting-edge in data protection, ensuring your data's encryption, integrity, and overall security are of the highest caliber.
Transition Details: The older ciphers, once pivotal for safeguarding your transactions and data, will now be phased out. Our systems will solely rely on the updated security ciphers, guaranteeing your information's utmost confidentiality, integrity, and authenticity.
Reason for the Change: Our decision to embrace the new security ciphers stems from our unwavering pledge to ensure the pinnacle of security for your sensitive data. Adhering to SOC2 and PCI 4.0 standards means we consistently assess and refine our security measures in response to the ever-evolving landscape of threats.
Your Next Steps: Should your organization possess specific security configurations that this transition might impact, we urge you to revisit your security guidelines to confirm compatibility with our newly supported ciphers. Our dedicated support team stands ready to guide and assist you with any queries or concerns.
Our Newly Supported Ciphers: ECDHE-ARIA128-GCM-SHA256 ECDHE-ARIA256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-ARIA128-GCM-SHA256 ECDHE-ECDSA-ARIA256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-PSK-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305
For further assistance or to obtain more details, you can reach our security team at security@savvymoney.com. We hold your partnership in high esteem and are here to back you every step of the journey.
Warm regards,
SavvyMoney Security Team