Those are words I hope I never have to say. Unfortunately, in our world today our information is never completely safe.
Sometime between Thanksgiving and Christmas the credit card and personal information for up to 110 million Target customers was stolen by cyberthieves. Considering that there are only about 115 million households in the U.S. , I would say that this crime affects pretty much all of us.
In February, John Mulligan, CFO of Target Corporation was hauled in front of Congress where he testified before the Senate Judiciary Committee on data breaches and cybercrime. For me, the obvious question isn’t “How could this have happened at Target?”, but rather “Where else is my personal information vulnerable and what are they doing to protect it?”
Well, I can’t speak for your accountant, lawyer or Target Corp., but I can tell you what I am doing as a financial planner and investment advisor to protect your private information. While I have always met the security standards set forth by the SEC and our broker-dealer, here are 7 things I am doing to help prevent your information from being hacked.
Secure email. Personal financial information such as account statements, tax documents, account information and other items that could be sensitive or personal are always sent via encrypted, secure email. The system we use is called Smarsh. Smarsh is a company that provides secure email encryption services to businesses like mine that are in highly regulated industries or that deal with sensitive client and customer information. While I do send general information, product literature, economic and market commentary via traditional email, I anticipate a future in which it will be simpler, and safer to send ALL email via some type of protected email service.
Information Lock Up. The SEC requires financial advisory offices to adhere to strict standards regarding how they store files, retain information and lock their offices. At Focus Financial we adhere to those standards, but I take it one step further. In addition to locking my office each night, I also lock up my files and paperwork in a secure place inside my office. Sensitive documents are never left unlocked overnight.
Passwords – never shared, never written down. This is a tough one. At last count I had over 50 personal and professional User ID’s and passwords. It’s a lot to keep track of, and the list is growing every day. Thankfully, there are now several password protection services available that allow users to manage their passwords in a simpler, more secure way. The only services I use are those that have been thoroughly researched and vetted by my broker-dealer and/or the brokerage custodians we use.
An encrypted hard drive. Regarding internet security, best practices would include having an encrypted hard drive. I am now in the process of switching over to a fully encrypted hard drive with the latest encryption and security software. This way, if someone steals my computer they won’t be able to (or at least should be a lot harder to) access any information saved on it.
Laptop never has any client info stored on it. I use two laptop computers. One is an old one that I use only for presentations and seminars. The other is newer and I use it when I need to be working offsite or on vacation, etc. Neither computer has any client information stored on it – no contact information, no social security numbers, no account information, nothing. They are simply a means to access the internet, send and receive email, use MicroSoft Office, etc.
Strict use of VPN. Occasionally I work from home. Sometimes I work out of our Minnetonka or Apple Valley offices or work when I am out of town. I have even been known to get some work done at the ice arena where my daughter skates on Saturday mornings. Whenever I log on to the internet I use a secure Virtual Private Network or VPN. A VPN connection is as secure as working directly from my office in NE Minneapolis. In fact, that is exactly what you are doing. You are just using your laptop and VPN connection to log on to your secure system in the office.
I never use public WiFi. Public WiFi can be a security disaster. Anyone on that public network can access your computer and everything on it. And they don’t have to be anywhere near you to do it .Using the same public WiFi you are using, they can access your computer from the parking lot or the coffee shop down the street. What’s worse, they can even install malware that tracks your key strokes and records your log in information giving them access to all the secure websites you use.
The steps I have outlined above are for my business and how I protect your information. My system isn’t foolproof. No system is. If hackers and cybercriminals can break into Target or the Pentagon, they can probably figure out how to get into my system as well. But just like when you lock your car at the mall or lock your house when you leave home in the morning, a little deterrent goes a long way.
By taking at least a few simple steps we can all keep our information safer and reduce the likelihood of problems in the future.