1 of 5 11/17/2014 4:14 PM
800.268.2440

From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense

Every other week it seems like there is another secure data breach, from Target and Home Depot to JP Morgan/Chase and Apple iCloud, just to name a few. These breaches and hacks are becoming the new norm in today's digital age. It's no longer a question of if it will ever happen; it's a question of when and how bad it will be. It's important to be prepared when a breach affects you, to protect yourself as much as possible, and to know what to do when your information does become compromised.

How hackers get your secure data and information*

Before the days of internet and technology, identity theft happened through things like phone scams, mishandling of medical records, mail and check fraud, or having your wallet stolen. While those things still happen, the digital world has opened many more avenues to lift your personal information, like social security number, name, birth date, email address, mailing address, security questions and answers, passwords, and financial information.

A few common easy access points hackers target:

- Email Hacking: This can include compromised email login information (either the thief guesses it or receives it from somewhere else), or a thief stealing physical technology like a laptop, iPad, or cellphone that has access to your email. Access to your email opens Pandora's box. If your email serves as a login to other websites like online banking, social media, or favorite shopping sites, these thieves can easily send password reset requests or find out other personal information, like personal records or even who your wealth manager is, for instance. They can even send your friends and family emails pretending to be you, asking for things or information. We've had a few instances where thieves hacked client emails and requested wire transfers or other information from us here at CWM.
Luckily, we were able to spot the red flag, but it could have been a horrible situation. It is yet another important reason why we ask you to verify yourself over the phone when we give out any information or process requests.
- Unsecure Browsing: If you're visiting questionable sites, surfing on free/public Wi-Fi, or browsing without a firewall or with outdated browsers and plugins, you're putting yourself and your computer at risk.
- Improper Password Practices: Do you use the same password for all of your logins? Or maybe your passwords are things like Password123 or 123abc123. Another risk is keeping your password list in a place (either on your computer or a physical printed list) that is unsecured. See below for some safe password practices.
- Tax/Identity Theft, IRS Scam: The IRS warns of scammers looking to exploit you in a number of ways. Some hijack your tax filing by submitting a return under your SSN before you do, or someone may call you claiming to be from the IRS, accusing you of owing money. Their official statement is to always remember: The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
- Data Breach: These are unpreventable for the most part. These attacks are on vendors like your bank or stores you shop at, anywhere you've visited with your digital footprint, like your email, address, date of birth, payment information, or security questions and answers.

A Few Tips to Help You Protect Yourself Online*

Safe Email Practices
- Beware of suspicious links in emails from friends or unknown senders. If a friend sends a questionable email, it's best to call them and ask if they intentionally sent the email; that way, if they didn't send it, they can address their hacked email account.
- Forward any suspicious emails, or emails from people claiming to be from the IRS, to phishing@irs.gov. (More information on IRS suggestions.)
- Use 2-step authentication.
- Encrypt sensitive documents being sent via email.

Secure Computing
- Always browse the web behind reputable antivirus software and a firewall.
- Visit only trusted websites using a secure Wi-Fi/internet connection, and avoid those that trigger your antivirus software.
- Avoid using public Wi-Fi. Do not provide sensitive information on unsecure networks.
- Always double check a site for the https and/or lock image in the address field.
- For any site claiming to be the IRS whose address does not start with www.irs.gov, forward the link to phishing@irs.gov.

Proper Password Practices
- Your passwords should be 6-8 characters long at a minimum (some places suggest over 16 characters).
- Use a mixture of letters, numbers, and symbols, uppercase and lowercase.
- Use 2-step authentication where possible. Two-step authentication requires information from two sources to log in. A hacker would have to have your login information AND your cell phone to retrieve a secure code via text or app.
- Do not use the same password for all of your sites. If a hacker gets one, you don't want them to be able to access all of your digital life.

Social Media Safety
- Refrain from posting personal information online. Don't post personal details such as phone numbers, addresses, or indications of your financial situation (like your great credit score, employment, luxury purchases, etc.). Rule of thumb: if you wouldn't want it posted in Times Square, don't post it online.
- Don't post your future plans, or anything defining your daily routine. Thieves can pick up your patterns based on when you post, or learn that you're going on a long vacation, and they will know when your house is clear for burglary.
- As much as you love sharing the details of your kids, grandkids, nieces and nephews, you can be exposing them to identity theft. If you post information including their full name and date of birth, thieves can target their fresh and new identity too.

Be Proactive
- Proactively monitor and report discrepancies in any of your financial statements or accounts. The sooner you act, the better. Your financial institution or the company that you're doing business with will be the best place to start when making a formal report.
- Keep track of all dates, times, and contact information for those you talk to regarding reports you're making.
- Sign up for a credit monitoring service, if you feel the need.

If you believe you've been a victim of identity theft of any form, here are some steps to take:
- Place an initial fraud alert: Ask 1 of the 3 credit reporting companies to put a fraud alert on your credit report. They must tell the other 2 companies. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days but you can renew it.
- Inform CWM: It's important that we know about your breach, so we can set an alert on your account and act with extra caution when fulfilling any requests in the near future: 425.778.6160 / 800.268.2440 or email info@cwmnw.com.
- Order your credit reports: Identity theft victims are entitled to a free credit report from each of the 3 credit reporting companies.
- Create an identity theft report: An Identity Theft Report gives you some important rights that can help you recover from the theft. To create one, file a complaint with the FTC and print your Identity Theft Affidavit. Use that to file a police report and create your Identity Theft Report.

No matter who you talk to along the way, be organized and document everything. Here's a great chart visualizing this:

[Chart] Source: FTC, Taking Charge: What To Do If Your Identity Is Stolen

What is CWM doing to protect your information?

The Presidential Policy Directive 21 (PPD-21) issued in February 2013 suggests financial services firms are number 1 among the 16 critical infrastructure areas designated in PPD-21. [1] Comprehensive Wealth Management has an IT security protocol in place to help safeguard the company and our clients' information. Each team member is trained and informed of the company policies and protocol in place. While it is no guarantee that we will be able to combat every threat, we are constantly reviewing our protocol and practices to make sure we are as secure as possible.

A few of our protocols:
- Paperwork containing sensitive information remains on secured CWM office premises at all times.
- Sensitive information exchanged via email is encrypted.
- External drives (such as flash drives, external hard drives) are not transferred between internal and external computers. Information may only be exchanged via secure email.
- CWM team members working from remote locations must provide their IP address prior to connecting to the secure network.
- Team members will not willfully visit internet sites deemed unsafe to CWM's network.
- Team members practice sound judgment when accessing hyperlinks in emails.
- All devices are fully protected and updated at all times (we use a service called Security Snapshot).
- Portable computers must be fully encrypted.
- Team members are expected to report any suspicious activity or computer performance, both on internal computing and for red flags surrounding clients and client requests.
- CWM offices are key card access only outside of regular business hours, and sensitive information is either shredded or kept in secure locations.

If there is a security breach to any degree in which your information has been potentially compromised, you can expect to be notified with details and actionable steps moving forward.

The Office of Compliance Inspections and Examinations (OCIE) will be conducting examinations of more than 50 registered broker-dealers and registered investment advisors, focusing on areas related to cybersecurity. [2] CWM is dedicated to upholding the security of your personal information to the best of our ability.

Reliable Resources for Breach and Technical News and Information**
- IRS Identity Protection
- Charles Schwab
- Federal Trade Commission: ID Theft
- Federal Trade Commission: Phishing
- Identity Theft Resource Center
- Identity Theft Prevention and Survival
- Social Security Administration
- Justice Department
- Postal Inspection Service

Sources:
1. Compliance Review, Charles Schwab Advisor Services. October 2014.
2. SEC Cyber Alert, April 15, 2014

* Please note these suggestions are not all-inclusive, and serve just as reminders for safe computing.
** Note, these links are being provided as a service convenience. CWM is not affiliated with any of these organizations and cannot guarantee their accuracy, effectiveness and/or completeness.

This article has been prepared and distributed for informational purposes only and is not a solicitation or an offer to buy any security or investment or to participate in any trading strategy. Information is based on sources believed to be reliable; however, their accuracy or completeness cannot be guaranteed.
This information is not intended to be a substitute for specific individualized tax, legal or investment planning advice, as individual situations will vary. For specific advice about your situation, please consult with a financial professional. Past performance is no guarantee of future results.

Copyright 2011-2014 Comprehensive Wealth Management. All Rights Reserved.

Securities offered through Independent Financial Group, LLC, a registered broker-dealer. Member FINRA and SIPC. Advisory services offered through Comprehensive Wealth Management, LLC, a registered investment advisor. Independent Financial Group, LLC, and Comprehensive Wealth Management, LLC, are not affiliated. Office Of Supervisory Jurisdiction: 12671 High Bluff Drive, Suite 200, San Diego, CA 92130.