Our Cybersecurity Initiatives and How you Can Digitally Safeguard Your Information
Blair Braden
Let's begin by addressing the question, what is cybersecurity? According to FINRA, a broad definition of cybersecurity is "the protection of investor and firm information from compromise through the use—in whole or in part—of information technology."1
Essentially, the plethora of security measures that fall beneath the cybersecurity umbrella protect your personal information, including your identity, account information, credit and debit card data, contact information, passwords, and so on.
While cybersecurity has grown immensely throughout the digital era, the Coronavirus pandemic has magnified the importance of online safeguards, especially when it comes to government stimulus. Over the past year (dating back to January 1st, 2020), the Federal Trade Commission (FTC) has reported $307 million in losses linked to stimulus check fraud.2
Chart Source: Federal Trade Commission/Tableau Public
Notice in the graph above, reports of fraud began to climb in late March and remained elevated through the April disbursement of $1,200 individual stimulus checks. Again, reports surged in January 2021 amid news of the second wave of $600 stimulus checks.
As the world transitions to a greater digital presence, we can be sure that fraudsters will continue to work tirelessly to enhance their schemes—a bit frightening, huh? Thus, I wanted to touch on various cybersecurity measures that we (Denver Wealth Management) take to protect our clients' information. I also want to shed light on a few best practices that you can implement to protect your own online presence.
ELEVATING OUR CYBERSECURITY PROCEDURES
At Denver Wealth Management, Inc. (DWM), we understand the importance of our clients' personal information, and we take great pride in our cybersecurity initiatives. As the world transitioned to a government-mandated work-from-home lifestyle in 2020, our team took it upon ourselves to enhance our cybersecurity procedures beyond the strict LPL Financial, FINRA, and SEC-required protocol.
We cannot guarantee against cyberthreats—unfortunately, no one can—but we can take significant action to limit the risk of a data breach and implement an abundance of digital protection to shield our clients' personal information.
In addition to the many digital safeguards that we had already established (i.e., encrypted email and data-sharing platforms, complex password requirements, physical safeguards, etc.), we opted for further protection from a service called Entreda Unify. Although not legally required by financial regulatory authorities, we felt an additional layer (actually, several additional layers) of cybersecurity was in our clientele and team's best interest.
Installed on any DWM device used for client communication (mobile devices included), Entreda addresses all of the National Institute of Standards and Technology (NIST) cybersecurity framework categories—and then some!
KEY CYBERSECURITY ELEMENTS
Financial schemes are nothing new. Scams such as phishing, imposter websites, malware, fraudulent wires, and data breaches have been a threat for most, if not all, of the digital era. That said, I want to take a moment to share some of the additional cybersecurity precautions that we are taking to protect our clients' data, information, and assets. The safeguards mentioned may also be utilized in your personal life if necessary.
Note: If you are akin to the tech topics below and notice an error, don't hold it against me. I'm a wealth advisor: I can navigate the world of finance but have also been known to struggle on Zoom occasionally.
AUTO VPN: This is one feature that I am most excited about (as excited as one can be about cybersecurity). The term "virtual private network," or "VPN," as the cool kids call it, creates a private connection from a public network (public Wi-Fi).3
Reminisce for a moment to your lifestyle pre-pandemic. You're mask-less, in a coffee shop, away from the kids, headphones in, sipping on a vanilla latte (Austyn, our marketing coordinator's drink of choice). If you connect to the coffee shop's Wi-Fi, you are vulnerable to a cyberattack from others on the same Wi-Fi. Granted, this isn't generally the case, but if a cyberthief was inclined to and skilled enough, he or she might be able to access personal information used throughout your online presence (e.g., credit card information if you're online shopping).
A VPN establishes a secure and encrypted connection from your device that masks your IP address, virtually making your online actions untraceable. It does so by "scrambling" the data, so it's unreadable across the network.3
Sort of make sense? While we do our best to avoid potentially compromising public networks, the global transition to working from home has made that increasingly difficult. Entreda offers our team an automatically connected and secured VPN as an additional layer of online cybersecurity.
VPNs are available to anyone and everyone. If you tend to conduct business (or online shopping) over public Wi-Fi networks, you may consider exploring private network options. VPNs will also hide your entire browsing history from your service provider, which may otherwise be available.
ANIT-VIRUS AND ANTI-MALWARE: Malware is a catch-all term for malicious software designed to cause damage to your computer, service, or network and is often used to extract personal information that can be leveraged for financial gain. A computer virus is merely a specific type of malware.4
Of course, SEC and FINRA member firms are required to utilize anti-virus and -malware services. As a matter of fact, most modern devices include a free blanket of protection. However, we didn't feel that was enough.
By utilizing the services of Entreda, our team and clients benefit from an additional layer of security via actively managed anti-virus and anti-malware statuses across all devices. Therefore, although uncommon, we can identify and avoid potential leaks more quickly and effectively.
When it comes to your personal digital protection, determine if your devices offer anti-virus and -malware protection. Generally, it's relatively easy to set up.
FULL DISK ENCRYPTION: Rather than the abundance of fluid data transferred across a network such as email or internet browsing (as protected by our nifty VPN), full disk encryption protects the contents resting on a device (e.g., your laptop). That may include private files, personal documents, etc. If your device is stolen or lost, the contents, when fully encrypted, cannot be accessed, even if the hard drive is transferred to another device.5
Like anti-virus and -malware systems, our regulatory bodies mandate full disk encryption. It is also available for free on nearly all modern devices. Full disk encryption is nothing new to DWM. However, as our team becomes more mobile and diversifies across various devices, Entreda takes things one step further and provides active encryption management to ensure all of our devices are protected.
As mentioned, full disk encryption is available in nearly all modern devices. Again, I'm no tech guru, so I cannot walk you through the encryption process, but a quick consultation with your search engine should have you protected in no time. Usually, it merely involves you opting in and creating an additional password.
GENERAL CYBERSECURITY BEST PRACTICES
Our team has gone beyond the basics to protect your information, which may not be necessary in your everyday life. There are, however, a plethora of best practices when it comes to avoiding financial scams.
EMAIL: You've probably seen your fair share of phishing emails pop up in your inbox. The sender requests funds in some way or another (often prepaid debit or gift card) and, in turn, promises a fruitful return on your selfless investment. Sounds legit, right? Wrong.
One common phishing scam that popped up concurrent with stimulus checks offered "faster aid payments" or additional payments for a small fee. Of course, there was no faster or additional payment—it was a scam. Another email scam asked recipients to verify personal information to receive their stimulus check.
If you believe the email is real, find the respective agency's contact information (e.g., if the email claims to be from the IRS, find the IRS's information separately) and contact them directly.
PHONE: Phone scams ranked second behind emails in stimulus fraud reports.2 A good rule of thumb is to avoid answering calls from unknown numbers—allow your voicemail to provide further vetting.
Like emails, contact the respective agency directly. Another best practice regarding phone scams is to slow down. Scammers are known to employ high-pressure tactics, urging victims to fulfill their financial scams quickly. If that is the case, do not hesitate to hang up and call back at a trusted number.
Note: The IRS will not call, text, or email anyone to verify their information.
MAIL: Although it doesn't fall within the realm of cybersecurity, fraudsters have gotten creative with the good ole' postal service.
As stimulus checks hit mailboxes throughout the past year, so did fake, lookalike checks. Fraudsters will send what appear to be legitimate, government-issued checks. When the recipient deposits the phony check, the fraudster will reach out claiming that the check was issued for too much and demand that the victim pay back the difference.
Long-story-short, the victim pays the fraudster the "excess" before the check is accepted, the bank bounces the fraudulent check, and the victim is at a loss. Creative, I know.
In that instance, the Better Business Bureau (BBB) recommends thoroughly examining the check and verifying the issuing body. Often times, scammers will make up phony agency names.6
A FEW LAST WORDS ON CYBERSECURITY
In addition to the three key security elements listed above, Entreda provides our team members with secure remote desktops, real-time data leakage monitoring, secure firewalls, operating system updates, and complex password policies across devices.
Denver Wealth Management, Inc. was founded on the fundamental principle of putting our clients' needs first. That includes our obligation to protect your information, identity, and assets.
We will continue to employ organizations that will assist in the protection of our clients. We would also recommend that you establish necessary safeguards to protect information in your own digital presence.
If you have any questions regarding our cybersecurity initiatives, financial scams, or your long-term financial plan, please do not hesitate to call our office at (303) 261-8015.
Sources
1“Cybersecurity.” FINRA, n.d. https://www.finra.org/rules-guidance/key-topics/cybersecurity#overview (Accessed January 20, 2021)
2Federal Trade Commission. “FTC COVID-19 and Stimulus Reports.” Tableau Public, January 18, 2021. https://public.tableau.com/profile/federal.trade.commission?utm_source=govdelivery#!/vizhome/COVID-19andStimulusReports/Map (Accessed January 20, 2021)
3Symanovich, Steve. “What is a VPN?” Norton, January 14, 2021. https://us.norton.com/internetsecurity-privacy-what-is-a-vpn.html (Accessed January 20, 2021)
4“What is Malware?” McAfee, n.d. https://www.mcafee.com/en-us/antivirus/malware.html (Accessed January 20, 2021)
5Zetter, Kim. “Hacker Lexicon: What is Full Disk Encryption?” Wired, July 2, 2016. https://www.wired.com/2016/07/hacker-lexicon-full-disk-encryption/ (Accessed January 20, 2021)
6Leonhardt, Megan. “5 Common Stimulus Check Scams Experts are Warning Consumers to Watch for.” CNBC, December 20, 2020. https://www.cnbc.com/2020/12/29/stimulus-check-scams-here-are-red-flags-to-watch-for.html (Accessed January 20, 2021)
Disclosures
The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual.
The information in the links above are being provided strictly as a courtesy. When you link to any of the web sites provided here, you are leaving this web site. We make no representation as to the completeness or accuracy of the information provided at these web sites. Nor is the company liable for any direct or indirect technical or system issues or any consequences arising out of your access to your use of third-party technologies web sites, information and programs made available through this web site. When you access one of these websites, you are leaving our web site and assume total responsibility and risk for your use of the web sites you are linking to.
Entreda Unify is not affiliated with LPL Financial and Denver Wealth Management.
All information is believed to be from reliable sources; however, Denver Wealth Management, Inc. and LPL Financial make no representation to its completeness or accuracy.
Companies mentioned are for informational purposes only. It should not be considered a solicitation for the purchase or sale of the securities. Any investment should be consistent with your objectives, time frame and risk tolerance.