Heath Wruble, Financial Regulatory Compliance Specialist
I tend to take cybersecurity to the extreme. In fact, it is a primary focus of my job, which is to protect the privacy and confidentiality of our clients. To say their privacy is a matter of concern is an understatement – we see our clients as more than clients; they are family and we strive to protect our family at all costs. If we fail at protecting our clients, confidence erodes, relationships are lost, and friendships are broken.
Not a month goes by that there isn’t an article in the Wall Street Journal about a data exposure or data breach. Each and every story is devoured and dissected by the firm to identify what those companies have done, what may have caused the breach, and to ensure that we, as a firm, continuously upgrade our ability to prevent exposures.
We ask ourselves questions such as, “Are we vulnerable? Do we need to react? Could this happen to us? How should we react?” Once we identify and implement solutions, I conduct training sessions with our employees to educate them on cybersecurity issues, breaches, and preventive measures. We stress actions such as reporting red flags, ignoring calls seeking questionable information, and avoiding clicking on emails from unverified sources or emails that originate from an address which may look similar to one we know but has a different ending or a misspelling. And, of course, never opening a file unless it clearly originates from a verified source.
Our data security measures are strong and effective. We have password-protected mobile devices, password-protected voice mails, and password-protected computers. Even the systems we use to run our applications are protected.
Our jobs can become much easier and safer thanks to the effort and foresight used when setting up these systems. In our offices, we have created an ecosystem with a strict cybersecurity mindset; our data is secured in a locked cloud-based system, which requires dual authentication methods to access. To get into the system, the user must first log into a password-protected computer and then, once logged in, open a cloud-based application that also requires a password.
And yet, this alone still does not grant the user access; the user is required to take two additional steps to gain access. First, the application sends an authentication request to the user’s mobile phone (so even if someone were to steal a password, the thief couldn’t access the system without that phone). However, the user also needs to provide a password, fingerprint, or facial recognition to get into that phone, then find the application on the phone, enter a PIN, and click a button to activate the application.
As we are a U.S.-based company, we take the additional step of preventing logins from IP addresses located outside the United States. It is well documented that most of the hacking occurs in countries with lax cyber laws, such as China, Yugoslavia, and Bulgaria. Therefore, it would be virtually impossible for a user to gain access from these countries, even if they had the password and the phone associated with the account.
It helps to be cautious, even as an individual user. What measures should you take to secure your personal data?
- Purchase a VPN service (Virtual Private Network) to prevent entry by others without a digital key. The VPN acts as an application which hides your data from the public networks trying to access your system.
- Buy and set up a personal firewall. The firewall controls network traffic to and from your computer, permitting or denying communication based on security controls. This creates essential barriers or gates between you and the internet.
- Use a password with at least seven digits, using a variety of lower case and upper case letters, numbers, and special characters.
- Never use the same password for all of your systems.
- Never use the same password more than once.
- Avoid using names, birthdates, anniversaries, and similar data belonging to you, your spouse, or your children.
- Use a key pass to randomly create passwords. They might be harder to remember, but they’ll also be harder for a hacker to crack.
- Never write your passwords down.
Lastly, I recommend investing in a system called LifeLock, or one of its competitors. Firms such as LifeLock monitor your personal details, such as your Social Security, bank account, checking account, and credit cards. When set up correctly, the service alerts the account owner any time there is suspicious activity in an account. These notifications provide preventive measures to limit personal damage, alert the user to potential risks, and provide extra time to stay ahead of those wishing to do harm.