We’ve all seen security breaches covered in the news: Equifax – at a cost of nearly $243M, Uber – resulting in $148M in combined fines, and just last year, Facebook – at a potential cost of $1.63B. Beyond the financial repercussions of these events, and potentially more significant, is the damage to the reputations of these companies. Consider how confident you feel about these companies having your private information.
How do these breaches happen? And, what steps can you take to help safeguard your personal information?
Cybercriminals generally compromise business systems in one of two ways: either by exploiting known technical vulnerabilities within the targeted system OR compelling individual employees with access to the system to provide their credentials.
The overwhelming majority of system vulnerabilities can be eliminated by keeping systems patched an updated. However, attacks again individuals are much more difficult to detect and prevent. The most common of these attacks is phishing- using cleverly disguised emails designed to trick individuals into providing their credentials.
How can advisors and investors protect their business and personal information from cybersecurity breaches? Fortunately, there are a number of simple steps that can be taken to help protect this information.
- Maintain communications with clients over the phone, particularly, if you are suspicious of any client-generated requests or activity.
- Beware of phishing attempts
- Be suspicious of links in messages and consider typing URLs into web browsers instead of trusting email links.
- Have procedures in place to verbally verify client identity and transaction information.
- Ensure systems are updated and configured properly
- Install all patches and updating systems as soon as they are available.
- Do not access client accounts using public or shared computers.
- Educate your staff
- Ensure everyone understands how to recognize phishing attempts and is always on the alert for them.
- Employees should have a clear understanding of how to respond and report any suspicious activity.
- Ask questions
- Vet your investment management and other providers carefully and do business with those focused on client data safety.
- Don’t be hesitant to ask questions about the organization’s cybersecurity efforts.
- Beware of phishing attempts
- Individuals should stay informed of how phishing attempts work and how to avoid falling victim to them.
- First, and foremost, be suspicious of links received in emails. Instead of clicking on the links, which can sometimes open the door to cybercriminals, consider typing web addresses and URLs into your web browser.
- Communication and confirmation
- If you are unsure of an email or electronic communication from a financial institution, including your financial advisor, pick up the phone and call directly.
- Verify any information you can verbally.
- Accessing your accounts
- Always access your financial accounts from your home computer or laptop. Avoid using public or shared computers as your information may be stored and accessed later by someone other than you.
- Apply any system updates to your home computer and devices as soon as they become available. Software providers are continually working on improving security and will issue new and improved measures with system updates.
- Take action
- If you think you may have fallen victim to a phishing or other hacking attempt, take immediate action. Change your email account passwords first, then change all of your other online passwords.
- Be sure to call your financial advisor to notify them of the situation, and consider using credit monitoring services to help keep your identity safe.
At Brinker Capital, we are committed to continually improving our technology and security policies in an effort to stay ahead of current cyber threats within the industry.
The views expressed are those of Brinker Capital and are not intended as investment advice or recommendation. For informational purposes only. Brinker Capital, Inc., a registered investment advisor.
Tagged: Jim O’Hara, cybersecurity, phishing, cyber threats