Recent data breaches at institutions ranging from retailer Target to health insurer Anthem illustrate that cybersecurity is a growing problem today. The financial services industry is not immune to these risks. Consider that a recent SEC sweep on cyber attacks found that 88% of broker dealers and 74% of advisors said they have experienced cyber attacks directly or through their vendors.
While new threats continue to evolve, the source of most online “attacks” take two forms. The first relates to attempts by cyber criminals to access individual financial accounts by sending emails that appear to come from a legitimate source. These “phishing” emails are sent hoping that recipients will respond with requested personal information or follow a link to a related website. Once access is established, hackers download malicious programs onto the computer allowing them to identify sensitive personal information such as account numbers and passwords. Another version of this approach involves hackers gaining access to client emails and then using those emails to request unauthorized fund transfers.
The second form of threat involves broad scale cyber attacks such as was recently experienced at the federal Office of Personnel Management. In these cases, exploiting weak links in a security system allow hackers to gain access to broad networks of personal information.
Thinking about cyber security threats, even briefly, can make the most complacent investor paranoid. But it is important to remember that financial services institutions have had a long history of dealing with cyber fraud. As anyone who has lost their account password knows, custodians such as Schwab and Vanguard maintain robust login and password protocols. Their websites employ secure encryption technology and most use some form of pattern analysis to detect suspicious account activity. Registered Investment Advisors too are held to a high standard by the SEC to safeguard client data. Our efforts in this area include, but are not limited to, requiring verbal approval on all third party wire transfers and encrypting any emails which include personal financial data.
Often the individual is the weakest link in the personal information protection chain. Inadvertently providing access to emails is probably the most common source of a data breach but there are others as well. The box above outlines a number of simple steps investors can take on their own to reduce the risk of online fraud.
Humans, by nature, are pretty suspicious creatures and perhaps deservedly so. Past experience has shown that hackers as a group are a savvy lot and it is unlikely, given the high rewards involved, that this form of criminal activity will go away anytime soon. But the private sector, sensing an opportunity, may yet keep pace with the ever-evolving fraudulent efforts. In the first half of this year, venture firms invested $1.2 billion in cyber security start-ups, up from just $771 million two years ago. Of course, not all of these ventures will pan out but given the demand for tighter security and related rewards, some may just keep the villains at bay.
