Spring is finally here and this time of year always brings a renewed focus on getting healthy for summer beach vacations. But now that a fresh season is upon us, it’s time for us to also focus on the cyber health of our practices.
According to Security Magazine, there is a hack attack every 39 seconds on average. As a firm, we at Kestra Financial are always doing whatever we can within our internal systems to protect the privacy of our partner firms and their clients.
However, there are a few things you as an adviser can do proactively for added protection.
Train your staff to be vigilant. Businesses often don’t realize the biggest threat to their cybersecurity health is, unintentionally, their employees. To help mitigate this threat, train your staff to be wary of emails that claim to be from trusted partners but don’t appear to make sense (these are likely phishing attacks). Also, warn your staff not to type username and password information into a website simply because it asks for it. This is the most common way our advisers get breached. Odds are, if something doesn’t feel right, it probably isn’t. When in doubt, proceed with caution.
Practice safe web behavior. Do not type sensitive information into websites without an “https” prefix included as part of the URL. Always use strong passwords that are at least eight characters long and include a mixture of symbols, letters and numbers. As a rule of thumb, if your password is in the dictionary, it is likely not strong enough. Also, be sure to never use the same password across multiple websites.
Beware of ransomware. When it comes to cybersecurity, it’s not just about privacy, but also access. Sometimes, instead of stealing your data, hackers will encrypt your computer and hold it for ransom until they are paid. Nowadays, it is fairly simple for hackers to conduct clandestine, international transactions, especially with anonymous digital currencies such as bitcoin. With this in mind, your backup strategy is almost as important as your cybersecurity strategy. On a recurring basis, practice backing up your data and then re-uploading it into your system. If you have a strong backup strategy, you can make yourself immune to ransomware attacks.
Avoid using obscure, free software downloads and file-sharing utilities. This is frequently how hacking activities start and spread. Free video conversion utilities are especially common and should not be downloaded unless they have been purchased from a trustworthy source. Even if only one employee downloads a virus, it could spread across the firm.
Heed warnings. If you are using a browser and get an error message noting an invalid web certificate, you should never continue. Websites oftentimes get hijacked, and the only way to know if the website is actually the one you were looking for is if there is a valid certificate. For example, hackers can screenshot what the Gmail login page looks like and fool you into thinking you’ve landed on that page, even though they’ve redirected you to their site. When a website masquerades as another website, it is called a “man-in-the-middle attack,” and it should be avoided at all costs.
In conclusion, if you suspect that you’ve been hacked or your data has been stolen, act quickly. At Kestra Financial, we encourage our advisers to contact us for assistance whenever they suspect they may have fallen victim to a cyberattack.
Kevin Witt is the chief technology officer for Kestra Financial, where he leads the company’s drive to provide its advisers with innovative tools and technology that will empower their success. Kevin’s team is responsible for the design, development and implementation of a wide portfolio of applications used by employees at the Kestra Financial home office and advisers in the field.
Editor’s Note: A version of this post appeared on Kestra Financial’s blog and can be found here.