Last year 15.4 million U.S. consumers were victims of some form of identity fraud. In the past six years thieves stole over $107 billion (source: Insurance Information Institute). As businesses become more reliant on computers and electronic data, the risk for exposure grows. Registered Investment Advisors, RIAs, are not immune to that risk. We are always thinking about RIA cybersecurity. The measures we can take to protect electronic data from unauthorized access.
Your security is something we take very seriously. A year and a half ago, we made a significant change in our RIA cybersecurity. We changed the way we access and store your data to help protect you. Before, all our electronic data was stored on-site. Our server was behind three locked doors, but each computer had its own data as well. In the event of a break-in, the computers would make tempting targets, and that bothered us. Beyond that, we were at the mercy of our machines. A broken or malfunctioning computer was a true headache. It could take more than a day for our tech support to make it in to fix the problem. And we can’t forget the horrible process of having to reinstall every program and move all our documents.
Safety and less downtime were the main reasons we engaged the services of RightSize Solutions. The Kansas City-based firm specializes in RIA cybersecurity and offers a “cloud-based” platform. Cloud-based services are becoming more and more common. If you have an iPhone or iPad, you are probably familiar with Apple’s iCloud, a way to back up your electronic data. What it means for us is our desktop, documents, and programs are not housed on the machine in front of us. We access these via the internet. Their service is supported by a U.S. based help desk, staffed 24/7.
What this means is our physical computers are still present, but we now use them differently. When we log onto our computer, we click an icon that takes us into a virtual environment. A desktop within our desktop. The computer we work on is in Kansas City. Secured and monitored off-site and guarded with military grade RIA cybersecurity technology.
Client data is no longer stored on our local computers. If a thief were to steal our computers, they wouldn’t even be able to access our internet browsing history. All work is done in the security of that cloud-based environment.
We can log into that environment from any computer, work from anywhere. Multi-factor authentication is used to help prevent unauthorized access. We verify our identity using a strong alphanumeric password and an app on our cell phones. As you might imagine, forgetting your cell phone at home is a bit of a nightmare, but your safety is worth it!
If you are an investment client, you know we use Charles Schwab as our third-party custodial broker/dealer. Schwab takes RIA cybersecurity to the next level. They require us to use a multi-factor authorization, a password and another app on our cell phones. They also continually monitor your accounts for unusual activity. Addressing potential threats by working with government agencies and law enforcement. If they detect something, like a fraudulent log-in attempt, your accounts are frozen until they speak to you. If something does occur they will walk you through how to help prevent a reoccurrence. Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity.
On your end, they also try to make it obvious you are on an authentic site. When you're on Schwab's site a green padlock and the word “Secure” appear in front of the address in your browser. Read more about Schwab’s security measures here.
As another RIA cybersecurity measure, we removed Social Security numbers from our electronic data. Schwab is the only place we can find these numbers. Additionally, quarterly reports do not show full account numbers. Only the last four digits are listed to help you identify accounts.
If we’ve ever emailed you a document, like a Financial Planning Update form, you may have noticed that we use a service called ShareFile. ShareFile is used by more than ten million people and over 30,000 businesses. They use the same type of encryption as Amazon to keep your transactions secure. Documents sent using ShareFile bypass public domain. They are held in a safe place until you download them. Even better, it’s easy to use. Just click on the link in our emails to download, or upload. You will not have to log in, and no password is required. You will be prompted for for your name and email address. This information is then sent to us, so we can see when and who downloaded or uploaded documents. These links expire in seven days and the document disappears, to increase your security. If in the unfortunate event someone were to “hack” into your email, an expired link gets them nowhere.
Trade, buy and sell requests are only accepted verbally. If you send us an email asking for us to transfer money for instance, we call you to confirm that the request is genuine. RIA cybersecurity concerns make us vigilant in getting voice confirmation for these requests.
These precautions and steps in RIA cybersecurity aim to give you peace of mind. You can rest easy knowing that we are working hard to keep your private information safe and secure. We have chosen trusted providers to help us in safeguarding you from fraud. These providers are on top of the latest security measures. They are reliable, and help us spend less time fiddling with malfunctioning computers and more time serving you.
Please don’t hesitate to ask if you have any questions about the measures we’ve taken to ensure your safety. The idea of removing your Social Security number came indirectly from a conversation with a client. We are always watching for more and better ways to live up to the trust you place in us. Keeping you and your personal information safe and secure is a high priority.