Cyber Security Part One: Password Protection
Written by Joel Bengds
At HSC Wealth Advisors we have annual initiatives we focus on to make sure we are always pushing ourselves to higher standards and creating a consistent culture among our staff and client experiences. Many of these initiatives are centered around practice management and from time to time they translate into our day to day activities. One of our 2016 initiatives has centered around security, both physical and cyber. We know that the Internet is not going anywhere and that our personal information is on multiple sites—most likely more than we are aware of—and that information must be protected.
We have many physical security measures in place. If you have been able to stop by our office within the last 6 months, you may have noticed that we now have an automatic door lock with camera to control the front door of our building. This small change is to prevent entry without a staff member’s knowledge. All you have to do is press the “Bell” button and a staff member will unlock the door for you. We have adopted other measures this year and over the years as far as monitoring and best practices but today I want to discuss a few of our initiatives around cyber security; specifically, how we keep your data and our data secure.
The simplest cyber security step we have taken is password and username protection. We have a corporate-wide protocol for our password generation and how we are protecting those passwords. We have adopted the “Length is Strength” mantra in password generation. We want long passwords in conjunction with unique passwords. Many hackers take advantage of commonality of usernames and passwords among client online accounts. So if you are one who uses the same password for all of your online accounts you will want to have your own initiative to go through and make each account a unique password. To help you manage your passwords, you can find more information on the world wide web, a couple of the more popular password vaults are RoboForm and Last Pass.
At HSC we also require the staff to use dual authentication which is a unique code each person has to enter after they put in their password. This is to gain access to our custodian accounts and also to access our server data when not physically in the office. These codes changes every 30 seconds and we have various means of providing the code whether through smart phone, computer or other device. The reason for this is a hacker would not only have to figure out our password they also would need our specifically registered device to gain the unique code.
When talking about cyber security we want you to know that we have a culture of protection at HSC. It may be inconvenient at times to go through many different layers of defense to gain access to data but it is an “inconvenience we appreciate.” With this I will conclude that passwords can be cumbersome to track but please use unique passwords for each website and also inform your spouse or executors on where you keep your username and passwords so they can gain access to important information when needed. As we continue to monitor and adjust to cyber security we will try to pass along tips that we learn so you can evaluate how to always be diligent in your cyber protection.
P.S. – Read this alert from Charles Schwab that you should adopt as standard operating procedures for all of your financial institutions:
ALERT: Phishing attempts (Email & Text)
We have received information from Schwab clients receiving email and text messages that purport to be from Charles Schwab. Clients have been directed to click on a link; due to security concerns and provide sensitive information including their driver’s license and or a passport photo.
Schwab would never ask clients to provide information by email or text message.
Schwab contacted the site administrator and the site has been removed. Please delete these emails and encourage your clients not to click on the link or provide any information.
Thank you for the opportunity to serve you. The security of all accounts is important to us.
Joel is a CERTIFIED FINANCIAL PLANNER, Accredited Investment Fiduciary®, and a NAPFA-Registered Financial Advisor. He holds a BS from Liberty University and completed the University of Georgia – Terry College of Business' Executive Program in Financial Planning. He is passionate about offering unbiased financial advice and helping clients achieve their goals and objectives.