October is National Cybersecurity Awareness Month (NCSAM), a collaboration between government and industry that is focused on helping people to take proactive steps to be safe at home and at work. The message this year - Own IT. Secure IT. Protect IT. – certainly stresses personal responsibility and taking steps for how we can all help in this effort. The NCSAM website has tipsheets that offer pointers on how to combat cyberthreats in many areas, from social media (show that one to your teenager) to travel (good for the whole family) to theft and scams (great for older parents).
Protecting our clients’ data has always been a core priority in our firm, even before data hacking and breaches became frequent topics of the news cycle. Over the last few years, one thing has become clear: cyberthreats are only going to grow in number and intensity. The financial services industry is certainly on the front lines of both requiring best practices in data protection, and in hearing stories about ways that hackers are trying to steal our data.
We don’t publicly discuss how we protect client data because, well, that doesn’t seem very secure. Instead we offer below 16 best practices from the experts in the field:
- Ask anyone who has your money how they protect your data
- Use strong, unique passwords. (Yes, we know it’s annoying. You still need to do it.)
- Ignore calls from phone numbers you don’t know. If you answer or reply with a text, you have just confirmed that your phone number is real.
- Ignore fake emails, especially those that ask you for money or threaten legal action if you don’t respond.
- Don’t click on links or attachments in emails from people you don’t know.
- If your parents or grandparents are aging, help them to safeguard their information.
- If you are sent an email by a “person you know” and asked to purchase gift cards and provide codes to that person, delete the email. It’s a scam.
- Emails from a loved one that contain bad grammar or language that seems off are probably, in fact, written by a scammer. Contact your loved one another way to find out if it’s real.
- Don’t cash a check for a stranger.
- Don’t send money via wire transfer or Zelle® to someone you don’t know well.
- Don't provide account numbers, Social Security numbers, personal information, or passwords via email or text, even within your office or to family members.
- Never ever give an unsolicited caller remote access to your computer.
- Don't click on unsolicited links or attachments sent via email or text layer
- Know that the IRS sends letters on good old-fashioned paper about back taxes owed - they don’t call you and demand immediate payment.
- Research potential “investments” by meeting someone in person. Don’t “invest” in a program that someone pitches you over the phone.
- Trust your gut: if it feels like a scam, it probably is.
Cybersecurity is a team sport. Now that you know the basics, you can set a good example and spread the word to your friends and family about how they can protect their data.