Written by: John Visack, CTO at GWG Holdings
“Hacking” is nothing new. That’s the first thing to remember. The second thing to remember is this: you will be hacked—it’s only a question of when. Today, cyber criminals are the true “stranger danger” in a world where one of our most valuable assets is the personal information we share and store online.
Cybersecurity took the spotlight again last month when Equifax announced a breach that exposed the Social Security numbers and other personal information of at least 143 million Americans. The scope was breathtaking, but were any of us surprised? The list of companies and agencies that expose our data is growing so fast that we’re becoming desensitized to how serious a concern this has become. Whether the hack took place using a sophisticated exploit that the company was aware of, or old-fashioned social engineering where the password was guessed correctly, there is a chance that these and future hacks will affect you—and your clients.
When I started working in technology over 20 years ago, the World Wide Web was relatively new, and everything about it was incredibly exciting. Sure, there were hackers out there, but the targets were large organizations that had the software, secrets, and access criminals desperately wanted. The rest of the industry focused on finding value in this exciting new tool, and the riches that could come from connecting or servicing this new digital frontier.
Our passport onto this social and commercial superhighway today is still the personal information that defines who we are, and that data has become incredibly valuable to companies and, of course, to criminals who are growing in sophistication. Today, our devices and online accounts hold most, if not all, of our data. The convenience of using your phone to swipe with Apple Pay or 1-Click Ordering from Amazon comes with a serious risk of that data being stolen and irreparable damage being done to our identities.
Every business needs to have a plan for how it will approach cybersecurity. At GWG Life, we implemented a cybersecurity policy based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework that outlines how we prepare for, prevent, and respond to any cybersecurity event as a publicly traded company. It plays a significant role in our day-to-day operations and is quickly becoming a keystone in due diligence for partners that wish to work with us.
As a financial advisor, proactively managing the risk of a cyber attack is vital to maintaining your clients’ trust. But how? You certainly can’t put your business on hold to tackle the challenge, and yet not addressing it can make you vulnerable to attack. Just like every consumer and every corporation, you need to find the sweet spot between security and convenience. Here are five steps to start being proactive in protecting yourself and your clients from a cyberattack—without grinding your business to a halt:
1. Change your login habits.
That old chestnut! You should create longer passphrases, not more complicated passwords. Hackers on modern hardware can run programs that guess 8 billion passwords per second. Every extra character adds to the amount of time it would take to guess your credentials, so longer passphrases made of random words that mean nothing to you are usually better.
Always use multifactor authentication. Check to make sure the services you use have it here. Complain if it is not offered.
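To put numbers on the passphrase advice above, here is an added example (not part of the original article) that estimates average guessing time at the article's rate of 8 billion guesses per second. The 95-character printable alphabet and the 7,776-word list are assumptions, and the secrets are assumed to be chosen truly at random; note that when an attacker guesses whole words, it is the number of words, not the number of letters, that counts.

```python
import math

GUESSES_PER_SECOND = 8_000_000_000   # rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE_ASCII = 95   # assumption: upper, lower, digits, symbols, space
WORDLIST_SIZE = 7776   # assumption: a Diceware-style word list


def keyspace(symbols: int, length: int) -> int:
    """Count of equally likely secrets when each of `length` positions is
    picked uniformly at random from `symbols` options."""
    if symbols < 2 or length < 1:
        raise ValueError("need at least 2 symbols and a length of 1 or more")
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    return length * math.log2(symbols)


def average_crack_seconds(symbols: int, length: int,
                          rate: int = GUESSES_PER_SECOND) -> float:
    """Exhaustive guessing finds the secret after half the keyspace on average."""
    return keyspace(symbols, length) / 2 / rate


def humanize(seconds: float) -> str:
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def compare():
    """Return (label, entropy in bits, average guessing time) per scheme."""
    schemes = (
        ("8 random printable characters", PRINTABLE_ASCII, 8),
        ("12 random printable characters", PRINTABLE_ASCII, 12),
        ("4 random words", WORDLIST_SIZE, 4),
        ("6 random words", WORDLIST_SIZE, 6),
    )
    return [(label, round(entropy_bits(s, n), 1),
             humanize(average_crack_seconds(s, n))) for label, s, n in schemes]


if __name__ == "__main__":
    for label, bits, eta in compare():
        print(f"{label:32} {bits:5.1f} bits  ~{eta}")
```

Four random words hold up for only a few days at this rate, about the same as eight random characters, while six random words push the estimate into hundreds of thousands of years.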
2. Secure your devices.
Our phones and computers have more personal information on them than our wallets and purses ever did. Basic protection on your devices is easier than ever. Make sure nobody can get in without your authorization. Use the encryption that is built into your phone and computer. Your mobile devices should be set up so that they can be wiped remotely if you lose them.
3. Understand your risks.
FINRA has a fantastic checklist for small firms that is based on the same framework GWG Life used for our own policy. Understand what responsibility you have to yourself, your clients, your business, and the industry by using this as a playbook.
4. Get help.
Cybersecurity is a vast industry with as much nomenclature as any other specialized field in business today. A great Managed Services Provider (MSP) can be invaluable in mitigating your risk and keeping your costs down. You cannot expect one person to do or know everything, and an MSP is a great way to protect you from human “single points of failure.”
5. Make time.
No matter the size of your firm, cybersecurity cannot be an afterthought. Budget time, as you do for anything else, to make sure your devices are up to date, your data is being backed up, and nothing is running on your devices that shouldn’t be. We all have a part to play in keeping each other safe, and it starts with making sure you’re in the free and clear.