KEY MOVES TO WARD OFF RISKS
The bottom line is, if hackers find devices that are unprotected, then they have a path to valuable information that can be used to access client accounts.
So, how do you or your firms protect against it? Surprisingly, experts agree that even some of the most fundamental moves to protect you, your firm, or your clients are not in place at the firm or individual level. Here are some steps that Warrene suggests firms take:
■ Do the Basics – These include:
■ Lock and Encrypt Computers – Both the SEC and FINRA are examining cybersecurity techniques. On a Mac, you can turn on FileVault so that it encrypts data. On a PC, you can use PGP Encryption from Symantec, among others. For smaller advisors, BitLocker is included in Windows 8 for free. With all of these tools, you're protected when your computer is off and at rest. So, if you're at Starbucks grabbing a cup of coffee and someone walks off with your computer, chances are, they'll close the computer and put it under their arm, triggering the encryption. They'll get the computer but not your data.
■ Enable Anti-Virus Software – Use anti-virus software with automatic updating, automatic scanning, and automatic quarantine enabled.
■ Use a Password Manager – A password manager, such as 1Password, LastPass, or RoboForm, should be a requirement. These provide centralized management of usernames and passwords and allow individuals to securely sync passwords across devices. Avoid keeping password notebooks or Excel files.
■ Mix Passwords – As noted above, use unique passwords on each of the social media sites. While this might be painful, the peace of mind may be worth it. Also consider changing your passwords twice a year.
■ Create a Customer Feedback Loop – It's surprising the number of financial firms that do not have an easy way for customers to communicate online about some issue or breach. Consider a message in statements or online directing consumers to alert leaders to possible cybersecurity threats.
■ Protect Smart Phones and Tablets – These devices also need clear protection including:
■ Passwords on phones and tablets, required to unlock and operate them
■ Required use of a VPN service (Cloak, VPNIClick) to encrypt your WiFi connection when on public networks or at all times. An individual can go to Cloak and, for $1.99 a month, encrypt his connection to the Internet.
■ Activation of the “FindMe” capability, which allows you to locate a lost or stolen phone, and possibly destroy the data to keep it out of the hands of thieves. Apple provides this natively. Android and iOS users can leverage Lookout for this purpose. Windows Mobile users can leverage the locator service feature offered by cell phone carriers' insurance provider (Asurion being the dominant player).