The increasing number of data breaches and identity theft incidents is a major concern. Recent high-profile stories like the Equifax breach and the Cambridge Analytica-Facebook scandal remind us of the ubiquity of the problem.
It is therefore very timely to talk about some of the ways Sensible Financial works to protect your data. Interspersed throughout this article you’ll also find tips to help you protect your own information.
Every Sensible Person uses a password manager to store and update the numerous passwords we use to secure information in the regular course of business. The password manager easily generates complex passwords to ensure a high level of security, greatly reducing the likelihood that an outsider could crack one of our passwords. In fact, our passwords are so secure that we typically don’t even know them. If someone kidnapped a Sensible Person and tried to forcibly extract their Fidelity or TD Ameritrade password, we literally wouldn’t be able to tell them.
Sensible TIP – Most people would benefit from using a password manager. Studies show that people who manage their own passwords often use the same passwords for multiple sites and/or use easy-to-hack passwords. Although Sensible Financial uses the LastPass password manager, we do not specifically endorse any one product. We encourage you to consider researching the available options. Here’s a helpful review of 2018 password managers from PC Magazine: https://www.pcmag.com/article2/0,2817,2407168,00.asp
Dual factor authentication
Dual factor or multi-factor authentication refers to the process of confirming a user’s identity using two different factors, usually a password (factor one) and a physical device, like a cell phone (factor two).
Whenever appropriate, Sensible Financial enables dual factor authentication for its various points of access. Let’s return to the above example of the password manager. It’s not enough that a Sensible Person logs into LastPass with their Master Password. We must also authenticate ourselves using an app on our cell phones. If someone were to try to impersonate a Sensible Person and somehow got through the first layer of security, without an employee’s physical phone they would not be able to continue.
In addition to securing our password manager, Sensible People also must dually authenticate to log into their computers. This means that an impersonator would have to verify their identity with both a Windows password and a Sensible Person’s app-enabled phone to log into our systems.
Importantly, multi-factor authentication gives us greater control in the event of an emergency. To return to the kidnapping scenario for a moment: if we knew, for example, that someone had kidnapped our Chief Compliance Officer (sorry Chuck!) we could simply disable his cell phone authenticator so that even someone with Chuck’s password and phone could not access our systems. Of course, there would still be the issue of rescuing Chuck from his captors, but at least our clients’ data would be protected!
Sensible TIP – Not all websites support dual factor authentication. However, you can easily check using the following site: https://twofactorauth.org/. We strongly recommend setting up dual factor, if available, for all sites that contain sensitive information, such as your email and bank accounts.
Limited access to confidential information
As a financial services firm, Sensible Financial necessarily has access to sensitive client information. This information includes Social Security Numbers, financial account numbers, addresses, birthdays, etc. We limit our staff’s access to this information based on their role in the organization. For example, our client relationship management solution – an encrypted database which we use to store client information – allows us to restrict information such as Social Security Numbers and, if applicable, account login information to certain employees. Our Operations team meets regularly to review user access and make recommendations as we upgrade our systems and processes.
Daily visibility into your accounts
Every morning our Investment Operations team assembles a report detailing all major transactions in our clients’ accounts. The report summarizes activity like ingoing/outgoing transfers of cash and securities. Any nonrecurring activity is flagged and must be confirmed by either your Advisor or Associate Advisor. If we notice suspicious or unexpected activity in your account(s), we’ll reach out to you for clarification.
Sensible TIP – In addition to the accounts we manage for you at Sensible Financial, it’s a good idea to have insight into your other accounts as well. Here are a few tips. One, regularly examine your credit card statements. Pay close attention to recurring charges (even small dollar amounts add up over time) and one-time large or unexpected charges. Two, if your credit card provider offers opt-in fraud alerts, consider signing up for them. Some credit cards, like Visa, automatically scan for suspicious activity and will alert you when they think they’ve found a questionable transaction. Three, review your credit reports regularly at https://www.annualcreditreport.com/index.action. You may also wish to consider freezing your credit with the three major credit reporting agencies, which makes it almost impossible for someone to open a new line of credit or financial account in your name.
Knowing our clients
One of the most important security measures we have in place is that we know our clients. We meet regularly, usually annually, with clients and do our best to understand their goals and priorities. This means that if an email arrives asking us to do something uncharacteristic, we’re more likely to be able to spot it as fraudulent.
Sensible TIP – Communication is a two-way street. If something important in your life has changed, particularly if it may have financial implications, we want to hear about it. If you’re planning on buying a second house in Nigeria, we should know about it before you ask us to wire $200,000 overseas. Otherwise, we’re likely to be extra suspicious of your e-mail. (I’m not joking, we’ve received such e-mails!) When in doubt, schedule a call with your team or send us an e-mail to keep us up-to-date.
Unfortunately, issues of data vulnerability and theft abound. We know both from the news and our own experience that the sophistication of fraudsters is increasing over time. Sensible Financial takes our clients’ security very seriously. We will continue to allocate resources to strengthen our policies and procedures to improve our clients’ data security.
Frank Napolitano is a Senior Financial Advisor and CERTIFIED FINANCIAL PLANNER™. To speak with Frank or another member of our team about your financial future, get in touch today.