Ghosts, Goblins, and Cyber Criminals, oh my!
October is a scary month full of ghosts and goblins, so be careful out there! October is also Cybersecurity Awareness Month, so take this time to think about your information security.
National Cybersecurity Awareness Month was started in 2004 by the National Cyber Security Division of the United States Department of Homeland Security and the non-profit National Cyber Security Alliance. The event is designed to promote cybersecurity awareness for individuals and businesses. StaySafeOnline provides a wealth of tips and resources, as does the FBI.
Due to the nature of their business, financial advisers have a wealth of personal information about their clients, often stored electronically. Because of this, they are a prime target for hackers. Regulators have repeatedly said that they expect financial advisers to have cybersecurity policies and procedures in place to adequately protect personal data.
If you don't have a cybersecurity policy in place for your advisory firm, now would be a good time to consider one. There are many resources online, and we have a template available to help you get started. If you do have a cybersecurity policy, take the time this month to review it to make sure it is up to date and designed to adequately protect your information technology systems.
For businesses, the number one threat to security is their employees. Now, wait... this doesn't mean that you have a professional hacker on your team, so quit looking around suspiciously. The vast majority of data breaches are caused by human error. These human errors can include such things as careless disposal of documents, loss of an electronic device, inadequate password use, or being tricked by spoofers, phishers, or social engineers.
So how do you prevent these human errors? Training. It's not that people are inherently bad; they just need some reminders. Take the time to educate yourself and your employees. Some topics for training may include:
Refraining from discussing confidential information in public spaces.
Creating secure passwords, keeping those passwords confidential, and changing them frequently.
Maintaining a clean-desk policy, making sure that confidential documents aren't left unattended on your desk or in work areas.
Locking your computer when not in use, as well as locking desks and filing cabinets, and keeping your office space secure.
Sharing confidential data through secure means, such as a secure file-sharing service or encrypted emails.
Avoiding trickery by spoofers or phishers by looking carefully at emails before clicking on any links or attachments.
Disposing of paper records by shredding, and disposing of network hardware and devices securely.
If you need some help with your cybersecurity policy or training, let us know. In the meantime, we hope October brings you more treats and fewer tricks!