Last Updated April 2, 2019
Username and password requirements
To help prevent unauthorized access, we prompt you to create a unique username and password when you first access your account. The strongest passwords are long and employ a mix of numbers, upper and lower case letters, and special characters. We also recommend that clients utilize a password management system, such as LastPass, so you do not need to remember several complex passwords.
Mercer Advisors provides an encrypted website connection. When you send sensitive information over an HTTPS connection, no one can eavesdrop on it in transit. Look for the “https:” at the beginning of the web address to know it’s working. You’ll see it even before you log in.
You can send our advisors encrypted messages thanks to our secure e-mail servers with TLS 1.2 transport encryption. We will never ask for your confidential data like account numbers, username and passwords via email.
Encrypted VoIP telephone system and encrypted and password protected Webinars and Virtual meetings
Mercer Advisors utilizes a secure telephone system to ensure that your calls cannot be intercepted or eavesdropped upon. To prevent interception of your communications, the system provides Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) encryption between all endpoints.
Compliance and Cybersecurity Policies
Mercer Advisors has created and implemented comprehensive compliance and cybersecurity policies and procedures based on the National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO) frameworks.
Extra login security
Mercer Advisors utilizes 2-factor authentication tokens at login, a technology that helps prevent someone from gaining illegal access to employee accounts, even if the username and password have been compromised. We also utilize a single sign-on authentication that reduces the number of sign-in prompts for employees and can measure the user, location, and device risk to determine whether access should be allowed, verified, limited, or blocked.
Wire Transfer verification
Whether you request a wire transfer by email, we always verify your identity by calling you to confirm before initiating the transfer.
We utilize a 24/7 Security Operations Center to monitor our network and infrastructure every day, all day.
Encryption on all endpoint devices
Mercer Advisors utilizes a Unified Endpoint Management system to encrypt all endpoint devices (laptops, phones, etc.) and allows us to monitor for malware threats or jailbroken devices and automatically remediate with a remote lock, device wipe or customizable device quarantine controls.
Mercer Advisors utilizes sophisticated anti-virus software, whose AI-driven technology prevents attacks before they can damage our devices and network and has been proven able to block emerging threats on average 25 months before they are first detected in the wild.
Firewalls are protective barriers that defend Mercer Advisors’ networks and computer systems from hackers and cyber-attacks trying to gain access into our data centers. We use some of the strongest firewalls available in the industry.
Physical security at our offices
Our security measures extend far beyond our website. We vigilantly monitor all work areas in order to prevent theft or scrutiny of documents containing sensitive information. In addition, authorized personnel can only enter work areas through the use of a security badge.
Restricted access to data
We limit access to systems containing client information to only those employees who need it to conduct business. We continually monitor access and only grant it to new people on a case-by-case basis.
Secure customer relationship management (CRM) system
Mercer Advisors utilizes a best-in-class CRM to keep your biographical and financial information secure. Your data is encrypted, so even if there is a breach, the data would be inaccessible.
Secure enterprise-grade file sharing and storage platform
Mercer Advisors utilizes an enterprise grade file-sharing system to securely store documents. We also use this system to allow for secure file sharing between the client and Mercer Advisors.
We make sure that our employees know and adhere to our security policies. We require periodic training on our security policies for all employees, no matter their department. Employees who work directly with clients receive extra training on emerging risks, such as identity theft.
 SE Labs Report, https://selabs.uk/download/enterprise/march-2018-pmr.pdf.