Five steps to take and three questions to ask
October 9, 2017
John Maddison, CFA, CFP®
Relationship Manager, Balentine
Like millions of Americans, I was shocked to read that Equifax had suffered a massive data breach. It is now being reported that more than 145 million people may be impacted, including five million Georgians and five million North Carolinians. While the delay in reporting the breach and suspicious trading activity by the executives were troubling, what’s most unsettling is that many of the potential victims were paying Equifax for credit-monitoring services.
This event hits close to home for me, as I previously ran Operational Risk for Royal Bank of Canada’s U.S. bank, so I understand firsthand the challenges companies face to keep this data private. There is not a lot that can be done to prevent hackers from stealing our information. Let’s face it, we’re required to share our date of birth, mother’s maiden name, Social Security Number, and other important information just to turn the lights on in our home! Given the pervasiveness of our Personally Identifiable Information (so-called PII), it is more important than ever to minimize how this information may be used in the event of a breach.
While many Americans looked to credit-monitoring services to protect their identities, this latest incident shows that we need to take personal action to keep our information private. Here are five action items that the FTC suggests every person take:
- Place a “credit freeze” through each credit bureau to make it harder for thieves to open fraudulent accounts. Any time you wish to apply for a loan you can temporarily lift the “freeze,” giving you control over when credit information can be shared.
- Place a “fraud alert” through each credit bureau to ensure creditors are more diligent in verifying your identity.
- Check credit reports for new accounts and suspicious activity on a regular basis. The major credit reporting agencies each provide consumers with a free credit report annually. Set a reminder on your calendar to check annualcreditreport.com every four months to pull a report from Equifax, Experian, and TransUnion, and alert the credit bureaus if you see any suspicious accounts.
- Review your credit card statements monthly to identify suspicious transactions.
- Consider filing your taxes early next year. Thieves have been known to file fraudulent tax returns using someone’s Social Security Number as a means to receive any tax refund due. Filing yours early will mitigate the chance that this occurs.
In addition, you should expect the partners and professionals with whom you work, such as financial advisors, accountants, and attorneys, to take extra precautions when dealing with your personal data. Below are three questions regarding safeguards you can inquire about with any advisory partner or team:
- Do you require callback verification for all money transfers to outside accounts? With email, hackers are able to copy writing styles and have become increasingly adept at impersonating their victims. In order to help protect clients, most firms have a protocol to verify a transfer at the callback number on record. While some clients may feel frustrated at this extra step, verbal confirmation has been proven to prevent fraud for our clients.
- What security measures do your software platforms use to protect client data? Software partners should ideally use a variety of security measures to protect client information, including password protection, Secure Socket Layer encryption, firewalls, intrusion detection, third-party security audits, and inspections. Balentine’s financial planning platform, eMoney, for example, uses the highest level of encryption currently available today, and twice the standard followed by many financial institutions, including banks. This provides yet another layer of protection for clients’ personal data.
- What internal safeguards do you use for employees? Warren Bennis, widely considered a pioneer in modern leadership studies, once quipped, “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The dog will be there to keep the man from touching the equipment.” As has been evidenced by many of the iCloud hacks and other major security breaches, human error can be the weakest link in an organization. Before choosing a firm or advisor, it’s important to understand what safeguards exist. Cyber security training sessions, internal controls, and third-party monitoring are all good ways to help mitigate the fallibilities of individuals.
If you have any questions about how Balentine handles cyber security issues or your personal data, please do not hesitate to reach out.