Welcome to our Knowledge Base

Tip: Start typing in the input box for immediate search results.

System Access and Permissions

Posted:June 10, 2025
Updated:June 10, 2025
PRINT

At Croft Financial Group (CFG), protecting our systems and client data begins with robust access controls and secure authentication practices.

Multi-Factor Authentication (MFA)

We enforce Multi-Factor Authentication on all systems and applications where it is available, including:

  • Microsoft 365 / SharePoint
  • CouchDrop
  • All Portfolio Management, financial Planning and CRM systems including NDEX, Croesus and Responsive

MFA significantly reduces the risk of unauthorized access by requiring verification beyond just a username and password.

DUO Security for Workstations

All company-issued laptops and desktops are secured with DUO for workstation login. This ensures that access to CFG systems is limited to verified users, even if a device is lost or compromised.

Client Password Resets

To protect client accounts and personal information, Croft Financial Group (CFG) enforces strict identity verification procedures for all password reset requests.

If a client contacts us directly to request a password reset for any CFG system or portal, the following protocol must be followed:

Before processing a password reset, the client must verbally confirm the middle three digits of their Social Insurance Number (SIN).

This additional step ensures that we are only providing account access to authorized individuals and helps safeguard against unauthorized attempts to access sensitive information.

Role-Based Access Permissions

Access to systems and files is granted on a need-to-know basis, aligned with each individuals role and responsibilities. Permissions are reviewed regularly and adjusted when team roles change or as part of scheduled audits.

Periodic Access Reviews

We conduct scheduled reviews of system access rights to identify and remove unused accounts, prevent permission creep, and ensure adherence to internal policies and regulatory standards.

By enforcing layered access controls and system-specific permissions, we ensure that only the right people access the right information — and only when they need to.

For any questions about access permissions or to request changes, please contact admin@croftgroup.com.

IN THIS ARTICLE: