Cybersecurity at Alitis: Safeguarding Trust, Data, and Assets

Clients place their trust in Alitis. That trust extends beyond investment expertise to the safeguarding of personal and financial information. Maintaining it requires more than policies or good intentions. It requires a genuine commitment to security as an ongoing discipline.

To meet this responsibility, Alitis partners with Smart Dolphins IT Solutions, who function as their dedicated IT department. Smart Dolphins provides the specialized expertise required to keep systems secure and data protected. This enables the Alitis Team to stay focused on delivering thoughtful investment advice and personalized client service.

In this article, we’d like to share the core principles and technologies that maintain a strong cybersecurity posture for Alitis. These should provide peace of mind about your relationship with Alitis, but may also offer a useful foundation for thinking about cybersecurity in your own life.

Layered Security, Shared Responsibility

In 2025, the Smart Dolphins IT Solutions team celebrated 25 years in business.

Good cybersecurity works like the layers of protection around a home. You lock your doors, but you might also have an alarm, a camera, or a dog who barks. Each layer reinforces the others. Even if one fails, the rest keep you safe.

At Alitis, this “defense in depth” approach is built on a clear division of responsibility. Smart Dolphins manages the technical controls. Alitis focuses on the human and procedural side. Together, these layers create a security posture far stronger than either could achieve alone.

Technical Controls

Smart Dolphins deploys and manages a comprehensive suite of security technologies that work together to protect Alitis’ systems and data. These run quietly in the background and are constantly updated and monitored.

The foundational protections include:

• Managed firewalls that monitor and control network traffic
• Endpoint detection and response (EDR) providing advanced threat protection on all workstations
• Full disk encryption on all devices, ensuring data remains protected even if hardware is lost or stolen
• Advanced email filtering that catches phishing attempts and malicious attachments before they reach staff inboxes
• Email authentication protocols that prevent attackers from impersonating Alitis email addresses
• DNS-level filtering that blocks access to known malicious websites, even if someone clicks a bad link
• Multi-factor authentication (MFA) enforced on all critical systems, requiring more than just a password to gain access
• Single sign-on (SSO) integrated with robust Microsoft 365 security controls
• Principle of least privilege ensuring staff only have access to the systems and data they need for their role
• Patch management keeping all systems current with the latest security updates
• Secure offsite backups for all critical data, ensuring information can be recovered if the unexpected happens

Alitis also benefits from a cloud-first infrastructure. With minimal on-premises systems, there’s a smaller footprint to protect and less opportunity for attackers to find a way in.

These baseline protections are essential. But traditional defenses have limitations. They depend on detecting “known” threats and recognized attack patterns. Attackers constantly develop new techniques specifically designed to slip past these defenses.

That’s why Alitis’ environment is also protected by Managed Detection and Response (MDR)—not just on workstations, but across their entire Microsoft 365 environment.

MDR adds a layer of behavior-based detection that doesn’t just look for known threats. It watches for suspicious activity patterns that might indicate an attack in progress, even one that’s never been seen before. On workstations, this might mean catching malware that traditional antivirus would miss. In Microsoft 365, it means monitoring email, file sharing, and collaboration tools for signs of account compromise, data exfiltration, or other malicious activity.

When something unusual is detected, the system can block it in real time. These automated detections are then reviewed by human security analysts who investigate and respond as needed. This means that even sophisticated attacks that might initially gain a foothold are identified and contained before significant damage can be done.

Fraud Prevention and the Human Firewall

While Smart Dolphins manages the technical infrastructure, Alitis maintains robust internal procedures designed to prevent fraud and unauthorized transactions.

Their team follows layered approval processes and verification steps for sensitive operations. These internal controls ensure that even if someone attempted to initiate an unauthorized change or transfer, multiple checkpoints would catch it. No single point of failure exists. This procedural discipline is a critical layer in the overall security picture.

Even the most sophisticated technical defenses can be undermined if the people using them aren’t prepared. Social engineering attacks like phishing don’t try to break through technical barriers. They try to trick people into opening the door. That’s why Alitis invests in building a “human firewall.”

Every staff member participates in an ongoing cybersecurity awareness training program managed by Smart Dolphins. This isn’t a one-time seminar or annual refresher. It’s a continuous program with monthly content that teaches real-world skills. Staff learn to recognize phishing attempts, protect sensitive data, and respond appropriately when something seems suspicious.

The program also includes simulated phishing campaigns. These realistic but harmless test emails help keep staff alert and familiar with the latest techniques attackers actually use. When someone clicks on a simulated phishing email, it becomes a learning opportunity rather than a security incident.

This investment in training means that Alitis staff are active participants in security. They know what to look for and they know what to do when something doesn’t seem right. In many ways, an alert and well-trained team is one of the most effective defenses any organization can have.

A Commitment to Continuous Improvement

Information security isn’t a one-time achievement. It’s a discipline that requires ongoing attention.

The cybersecurity landscape is constantly evolving. New threats emerge, technologies change, and best practices advance. What protected an organization effectively two years ago may not be sufficient today. Staying secure means staying current.

Smart Dolphins maintains a security standard built on trusted international frameworks like the Center for Internet Security (CIS) Controls. This is combined with real-world experience protecting Canadian small and medium-sized businesses and close collaboration with clients about their specific needs and regulatory requirements.

That standard isn’t static. It’s reviewed and improved regularly to reflect the current threat environment. When new threats emerge or better practices become available, the standard is updated accordingly.

Just as important is the work of staying aligned to that standard. Over time, system configurations can drift. New software gets installed. Settings get changed. What was once perfectly configured can slowly fall out of alignment with best practices.

To address this, Smart Dolphins performs regular audits of Alitis’ environment. These audits identify areas where configurations may have shifted or where new best practices should be applied. When gaps are found, they’re addressed proactively. This happens before problems occur, not after.

A Partnership Built on Expertise

This approach allows each organization to focus on what it does best. Alitis brings expertise in investment management. Smart Dolphins brings deep expertise in IT security. The result is that client information remains protected today and tomorrow, while Alitis stays focused on the work that matters most to their clients.

Click here to learn more about Smart Dolphins.