Some of the cybersecurity best practices for advisors are smart moves for consumers, too.
“Don’t make the mistake of thinking of [cybersecurity] as a technology thing. It’s not,” Adam Moseley, managing director of Schwab Business Consulting and Education at Charles Schwab, told advisors Tuesday at Schwab IMPACT 2017 in Chicago.
Much of protecting yourself is about behavior and education, he said. (See infographic below for tips.)
Advisors are right to be worried about cybersecurity. The broader financial services sector has been attacked more than any other industry, according to the 2017 IBM X-Force Intelligence Index.
“It is no longer a matter of if, but when, you’re going to be compromised.”
The number of attacks on financial services companies rose 29 percent in 2016, to a total 1,684, according to IBM. Over the same period, the number of records breached jumped 937 percent, to 200 million from roughly 20 million — ranking the financial services industry third in number of records compromised.
“It is no longer a matter of if, but when, you’re going to be compromised,” Moseley said.
Advisors and consumers can both benefit from improvement in these areas:
“I don’t think there’s a single greater threat to your organizations outside of email,” Moseley said. “We don’t hesitate to click a link, to open an attachment.”
Ransomware, malicious links, social engineering and other common scams all come in via email, he explained.
One smart thing a financial advisor can do is hire an outside firm to send employees test spam, to see what they are opening or clicking when they shouldn’t, he said. It helps firms see how to focus their efforts educating employees.
Be suspicious of any links or attachments in an email, Moseley said. If the email seems to be from a legit source, call the sender to make sure it’s legit before clicking.
It also helps to rethink that information you’re sending in emails, he said. Try to keep personal and sensitive data out of email altogether; if you must send it, look for a more secure method. For example, if you’re reaching out to your financial advisor, many have secure client-access portals where you could submit that tax return or account statement.
Pick a password that’s long. Hackers will have an easier time brute-force cracking an eight-character password than one that has 12 or 15 characters, he said. (That length may mean you think about your password as a phrase rather than a word.)
Unique is key, too. Thieves often try login details captured in one breach at other sites, to see where they might gain access if you’ve reused that combo. Schwab has tracked nearly 1 billion of those so-called credential replay attempts, Moseley said.
Consumers and advisors should both look to implementing additional protections like two-factor authentication where available.
“If you’re not using multi-factor or two-factor authentication and it’s available to you…you’re behaving recklessly online,” Moseley said.