Cybersecurity Tips for Investors
Rick Welch: Dollars and $ense
Cyber crime that results in financial data theft, breach or fraud is a growing threat to investors, investment advisors and institutional custodians. It is incumbent on each party to develop and practice sound fraud prevention strategies. While mobile devices and online investor platforms improve productivity and the quality of delivered services, they also increase exposure to risk and fraud. As client service systems continue to evolve, the financial services industry must endeavor to balance the protection of investor information and assets with the needs of those very same investors to access account information at preferred times and locations. As an investor, there are several steps you can take to frustrate fraudsters and keep your investment accounts safe. Some of the tips suggested below are common sense and appropriate for other facets of your life, while others may be more specific and targeted to managing and protecting your investment and bank accounts.
- Protect account login information. Develop and practice a strong password policy. Your passwords should have 8-10 characters, include numbers and letters and be changed every 3 months. Do not allow your computer's browser to save your passwords. Use unique and variable passwords across different websites. Reduce risk by limiting investment account access to only those family members who need it.
- Protect your computer. Use antivirus software with automatic updates. Keep all vendor updates to hardware and software current. Be very careful about what you download. Place a spam filter on your email server.
- Be aware. The most common types of transactions targeted by financial cyber criminals are disbursements (particularly to 3rd parties) and trades. It is important that you regularly review and validate any disbursements on your account statements. Most custodians have reliable and efficient processes for disbursing funds to an account owned by the same person. Money movements to 3rd parties require additional verification steps to safeguard you and your account assets. A 2015 research project conducted by the US Securities and Exchange Commission (SEC) stated “that 54% of brokers and 43% of financial advisors have received fraudulent emails seeking a wire transfer of client funds.” Most advisors look for red-flag behaviors in order to spot disbursement fraud. Such behaviors may include someone (other than the account owner) asking for an account balance, the claim that a client is out of town or repeatedly unavailable by telephone, an urgent or emergency request and, lastly, a sympathetic or emotional request.
- Understand. Most investment advisors will not act on email-based requests for sensitive account information, money movements or trades without using identity validation and authentication procedures. It is our practice to call and speak directly to the client in order to verify the request and ask questions to ensure the details of the request are accurate and authorized. Understand that there is a difference between investment account identity theft and standard identity theft.
- Avoid. Do not share information via email (or social media) that could help a fraudster gain access to your accounts or impersonate you as the client. Do not put sensitive, identifiable personal or account information in emails. Instead, use just the last four digits of your social security number or partial account numbers, like “XXXX-1234.”
- Your advisor and other consultants. Do your investment advisor and custodian, if applicable, have an SEC-compliant cybersecurity plan? Do they practice good cybersecurity in their communication with you? When working with other consultants (attorneys and CPAs), inquire about their risk management policies as they pertain to safeguarding your confidential financial information.