Data Breach Deja Vu

facebook-data-dislikeSocial media behemoth Facebook landed itself in hot water this week when it was revealed that the company allowed a third-party firm to gain access to user data. This latest scandal comes amid a slew of serious data concerns and shows just how careful we need to be with our information in this digital age. In the world of mobile devices, social media, and the cloud, it can be disconcerting to think that your personal information might just be floating around out there.

The data firm, Cambridge Analytica (CA), accessed information from tens of millions of Facebook users without their permission and “improperly” stored this data for years, despite CA’s claim that the sensitive data had been destroyed. Furthermore, CA, who is known for supplying marketing data for political campaigns, is believed to have harvested this information for political campaigns after 2013.

According to the Wall Street Journal, Facebook bears a huge amount of blame for allowing CA to get its data to begin with. However, reports calling CA’s data harvesting a “leak,” a “hack,” or a serious violation of Facebook policy are all, unfortunately, incorrect. All of the information collected by the company was information that Facebook had freely allowed app developers to access.

Now, an investigation is being launched to find out exactly who knew about this large-scale improper data usage and when they knew about it. According to Facebook, this serious slipup should not be considered a data breach, because the data firm abused user data that was openly shared with third parties. However, I think we can all agree that sharing user data with third-party firms opened up the floodgates for illegal data breaches and abuse of personal information – as seen by Equifax in June of 2017. While Facebook’s stock takes a nosedive and the company tries desperately to get out in front of this PR nightmare, the rest of us are left reflecting on how our sensitive data is being handled and what measures are being taken to protect it.

As a common rule of thumb, it should be noted that you should never keep sensitive information on any social media platform. This includes but not limited to phone numbers, addresses and even email addresses. While your email address, and sometimes phone numbers, are needed for the account setup in many social media platforms, this information should never be made viewable by friends or followers on any social media platform

With DWM, you don’t have to spend any sleepless nights wondering about how your personal and financial information is being handled. Our firm and our preferred custodian, Charles Schwab, would never jeopardize our clients’ information by handing out data to third parties. You can feel confident knowing that your information will never be released to any outside parties for any reason (except with your explicit permission).

You may want to consider deactivating your Facebook account, but you can rest assured that your financial information with DWM is safe and secure.

Safe and Sound

Security, or a lack thereof, has been a hot topic in the news lately, ranging from high-tech hacking scandals to sensitive information leaks. During a time of such concern, we can all agree that security is a top priority in our lives and cannot be overlooked or taken for granted. Whether it is national security, personal security or investment security, one thing is for sure – security is essential in our lives.

The trusted preferred custodian of DWM, Charles Schwab, has always found new ways to implement innovative security functions to protect both the advisor and the client. In addition to a focus on low-cost trading, Schwab has also always focused on investment security and client interests.

Charles Schwab takes multiple steps to ensure the security of client and advisor accounts, and to guard against any potential unauthorized access. Let’s examine some of these key security measures in depth.

Login Authentication and Encryption

SchwabSafe is collection of security measures that ensures the security of your information and accounts. Schwab.com uses advanced encryption technology, such as 128-bit Secure Sockets Layer encryption, to guarantee private communication and secure authentication on all accounts. The website also uses the highest level of Extended Validation certificate. This means that when you’re logging into the website, you will see a green web address bar that indicates all of your information is being protected by SchwabSafe.

Security Tokens

Charles Schwab also offers a free token, available in the form of a key fob or as a phone application, that makes each login as secure as possible. A token creates a six-digit number that serves as an additional numeric password each time you log in to your account. This token provides peace of mind and as a great security measure for clients and advisors. You can order a free or set up your phone application token from Schwab by calling 800-435-4000.

Monitoring Unauthorized or Suspicious Activity

Another great security feature is that Schwab monitors suspicious account activity 24/7. Schwab utilizes pattern analysis and advanced monitoring systems to constantly scan for suspicious or potentially unauthorized activity on your account. SchwabSafe fraud teams are specifically dedicated to ensuring that your account activity is authorized and they will call us and/or you if they detect any unusual behavior, or want to confirm third party checks and other distributions.

Security Tips

If you’re still worried about the security of your financial accounts, there are a few helpful tips you can utilize to put your mind at ease. Make sure that your contact information on your account is current and accurate, so you can be immediately updated in case of suspicious activity. Be wary of using public computers when logging into sensitive accounts. Always make sure to log out of your account when you are finished and do not use computers you don’t trust. As mentioned earlier, using a token when logging in each time is also a very effective way to ensure the security of your personal information.

Make sure your password is unique and has not been used for any of your other accounts. You should always try to change your password every six months. Admittedly, it can be difficult to keep track of multiple different passwords so it may be a good idea to have a system for keeping track of these. However, a sheet of paper does not qualify as a safe and effective system! If you are tech savvy, there are a multitude of phone applications that can maintain your passwords.

In addition to many added security features, accounts held at Charles Schwab are insured by the Securities Investor Protection Corporation (SIPC) in the event of a broker-dealer failure. The SIPC provides up to $500,000 and up to $250,000 for uninvested cash equivalents of protection for each separate account held at Charles Schwab. Furthermore, excess SIPC in an aggregate amount of $600 million in protection is provided for Schwab customers through underwriters at Lloyd’s of London and London insurers.

Here at DWM, we take our clients’ security very seriously. For compliance reasons we are not allowed to hold anyone’s login password for any reason. We operate through cloud based technology to streamline our process and provide increased security. For any questions or concerns regarding security, please feel free to contact us at DWM anytime.

Safeguard Your Assets Against Cyber Attacks

cyber attackThe cyber attack this summer on JPMorgan Chase compromised the accounts of 83 million households and 7 million small businesses. Last year, the information of 40 million cardholders and 70 million others was breached at Target. In September, hackers got 56 million names, addresses and phone numbers at Home Depot. Fortunately, it has been reported that the various hackers did not get detailed information such as account numbers, passwords, social security numbers and dates of birth. Even so, cyber attacks are on the rise.

The financial industry is working on prevention- JPMorgan, e.g. plans to spend $250 million per year on security. Congress is discussing legislation. Regardless, individuals need to take primary responsibility for the safety of their identity and assets.

Therefore, we thought we would recap some of our earlier comments regarding prevention of identity theft. In addition, we’ll update you on the safety of your accounts at Schwab and your 401(k) plans.

Here’s what you should do re digital security:

  • Choose tough to decipher passwords
  • Use anti-malware/spyware and anti-virus programs
  • Don’t respond to “phishing scam” e-mails
  • Shop online only on secure sites
  • Don’t use the same password for multiple sites

Here’s what to do at home:

  • Shred everything with sensitive information
  • Protect snail mail
  • Don’t fall for telephone scams
  • Use a bolted-down safe for important documents

When out and about:

  • Limit the amount of information you provide at store checkout registers
  • Avoid “shoulder surfers”
  • Watch what you carry
  • Carry your wallet in your front pocket, if possible

Other:

  • Change your credit card to include a PIN
  • Monitor your credit card and bank activity at least every few days
  • Order a free credit report
  • Put a security freeze on your credit files to prevent new accounts

At the same time, we’re pleased to report that assets held at Charles Schwab & Co. or company 401(k) plans should be secure. Here’s Schwab’s guarantee: “Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity.”

Schwab monitors every disbursement from each account. Anytime a transfer request comes through to send money to a third party, Schwab will first contact the investment adviser, such as DWM, to make sure we have talked with the client and that this disbursement is authorized. In addition, in many cases, Schwab will also contact the account holder directly. We’ve seen phone calls on transfers of as little as $600. We and Schwab recognize that it’s a bit of a pain to have to answer a call about a transfer for which you have already signed, but in this day and age of hackers, it’s a necessary and valuable procedure.

A few caveats about the guarantee. First, account holders need to safeguard their account access information including login ID, password and security questions. If they share it with anyone, Schwab will not cover the loss. This information is not shared by Schwab with us, Orion, or any other party. Second, if you suspect you have been a victim to activity you didn’t authorize within your Schwab account, Schwab needs to be notified immediately.

Unauthorized activity in a 401(k) or similar account would be very difficult to accomplish. First, there are only certain times that a participant could request funds from the account. They could do it to borrow money from their account, when they terminate employment, or when they have an in-service withdrawal. All of the requests are typically done through the human resources department of the employer and require signed documentation. In addition, we have only seen transfers from 401(k) plans either go directly by wire, trustee to trustee, to the same registration at a new custodian or, in the case of a check, mailed to the participant’s home address and made payable to the participant and the new custodian.

In addition, we have been asked about the cloud services DWM uses based on the breach of the Apple iCloud. We are pleased to report that Orion and MoneyGuidePro never request, nor receive, any client account access information.

DWM and Schwab are committed to safeguarding your assets and the privacy of your information. We want you to have the highest level of confidence when you do business with us. We will continually review our privacy policy and update it as necessary to protect you. If you have any questions about these very important matters, please let us know.