Cybersecurity Best Practices: How to Avoid Threats and Theft
In this article, we discuss risks to the safety of your financial information and actions you can take right now to protect your data and your assets.
In 2014, over 1 billion email accounts were compromised in a cyberattack against Yahoo, making this the biggest data breach in history. Alarmingly, revelations of similar cyberattacks are becoming increasingly common. The finance sector, which now relies heavily on technology to store data, is among the most targeted for such attacks. In 2014, a cyberattack against JPMorgan Chase compromised information from more than 7 million small businesses and 76 million households, costing the bank billions of dollars. Cyberattacks are not exclusive to companies with a large amount of data to access, though. In fact, the most common cyberattacks are those against individuals.
The Most Common Cyber Threats
Cyberattacks come in many forms; being aware of what common cyberattacks look like can help you recognize them quickly in the event that you are attacked.
- Email Account Takeover—A cybercriminal hacks into an account and sends emails pretending to be you. No big deal? What if the hacker sent an email to your financial advisor asking for a money transfer?
- Malware—Malware is software made to harm computers and steal data. Examples include viruses, worms, ransomware, and spyware. This software can delete files or information, and criminals can use it to gather personal information.
- Phishing—Cybercriminals will pretend to be a trusted source and ask for personal information over email or the phone. This is a common scam perpetrated by crooks pretending to be IRS agents. Remember: The IRS does not initiate contact with taxpayers by email to request personal or financial information, nor does the IRS ask for PINs, passwords, or similar confidential information for credit card, bank, or other financial accounts.
- Credential Replay—Many people reuse usernames and passwords for multiple accounts, making all of these accounts more susceptible to attack if a cybercriminal obtains the login credentials.
We’re Taking Steps to Be Even More Secure
JLFranklin Wealth Planning takes cybersecurity threats very seriously. We have assembled a cybersecurity plan to address and mitigate the risk of a cyberattack on our firm and our clients’ information and assets. The plan covers the following areas:
- Secure ShareFile Portal—This new service acts as an online “vault” for sharing, receiving, and storing important documents; we have used password protection to secure emailed documents in the past, but the portal adds an extra level of security and peace of mind.
- Staff Training—All employees of JLFranklin Wealth Planning have been trained on cybersecurity and have read our internal cybersecurity policy.
- Multifactor Authentication—To access client accounts at Schwab, all employees are required to input both a password and a randomly generated number that changes with each login.
- Vendor Compliance—Vendors with access to client information and those who are crucial to running our business complete a due diligence questionnaire; if we see any potential areas of risk or vulnerability, we will resolve issues in ways that protect our clients.
- Wire Transfer Authentication—In order to prevent fraudulent wire transfers, we require verbal approval from clients before we initiate a wire transfer from any Schwab account.
Protecting Your Data—and Your Assets
If you want an additional layer of security on your Schwab account, set up multifactor authentication. With multifactor authentication, when you log into your Schwab account you will be required to type in your password and a six-digit code generated on a security token. If you have joint accounts, you’ll set up the multifactor authentication separately, as it is tracked by email account. Two types of security tokens are available:
- Soft Token—Download the “VIP Access” app from the App Store, and it will give you a Credential ID. Then, call the Schwab Alliance Technical Help Desk at 800-433-9196 to link this ID to your Schwab account. Doing so will activate the app.
- Key Fob—Those who like a tactile experience might prefer a key fob, which is a physical token. To set up a key fob, call Schwab Alliance Services and ask for one to be mailed to you. The token will already be linked to your account when it arrives in your home mailbox.
Below are some general suggestions for protecting your data against the threat of a cyberattack.
- Be strategic with usernames and passwords. It may be easy to use the same password for multiple accounts, but doing so creates a potential for “credential replay” (see above). To avoid this kind of attack, use long, complex, unique passwords. Try to change your passwords often, every 90 days or so. Do not store your passwords online or share them with anyone.
- Surf Safely. Only use wireless networks you know and trust, and be careful when using public computers. If you travel a lot, consider purchasing a personal Wi-Fi hot spot or virtual private network (VPN) app. Never access confidential information or accounts on a public computer.
- Protect Your Money. Make sure to review your phone, credit card, and financial statements as soon as they are available. If you see any suspicious activity, contact us about your Schwab account, or call the relevant vendor immediately.
- Limit what you share online. Sharing on social media can be a fun way to keep in touch with friends and family, but be very selective about what you are sharing and who you are sharing it with. Posting photos of pricy new purchases or announcing an exciting overseas adventure may seem like a harmless way to connect with loved ones, but people you don’t know may use this information to nefarious ends. Understand the privacy and security choices on all of your accounts and devices, and make adjustments as needed.
- Safeguard Email Accounts. Avoid clicking links in unsolicited emails, and be suspicious about email attachments.
While the threat of a cyberattack may be intimidating, taking time to ensure that your information is protected is invaluable and can help you avoid becoming a target.