Security
Why Do Advisors Continue To Use Free Gmail Accounts? Do They Not Know The Risks?
Wednesday, February 22, 2012 13:26

Tags: apple | google | microsoft | privacy | security

This week I received yet another question from an advisor asking if it was ok to use a “free Gmail account” to conduct business. 

If you're a private wealth advisor, please join Advisors4Advisors (A4A) to get its full benefits.

Register now, and we will donate $20 of our $60 membership fee to Bubbles The Clown’s financial literacy program, and you can post an icon on your website saying you support Bubbles' 501(c)3 charitable organization.

Plus, get other membership benefits, including:

  • Analysis daily of issues affecting advisors
  • Aggregation of news from dozens of sites targeting wealth managers
  • Reviews by advisors of practice management applications
  • 30 independent experts blogging on advisor business issues
  • 24/7 access to webinars with 50 hours of CFP® CE and 100 hours of IMCA CE
Register Now
   


The answer is absolutely not, for several reasons: compliance, email encryption and, as is becoming abundantly clear, PRIVACY!

 

In fact, Google recently published an update to its privacy policies, which in summary states that if you use one of its free apps, like Gmail, Google+, Picasa, etc., it has a right to your information. This update to Google’s privacy policy prompted Congress to conduct hearings to protect consumers.

Google suggests that if you do not like these new policies, you can cancel your Google account and block cookies in your Internet browser. The interesting issue with this advice is that Google reportedly had already distributed code that prevents Microsoft Internet Explorer and Apple Safari browsers from blocking information being sent to Google.


I have not met an advisor who did not care about their clients. So I am assuming any advisor using these services just does not know the risks.
Some of what you should be doing to protect a client's private data:
1. Use a paid and compliant email system.
2. Use email encryption when sending private data.
3. Use a compliant client vault to share private information with clients.
4. When using a consumer service, especially free services, read and understand their privacy policies.
If you have read this blog and continue to use a free email service anyway, then either you do not care about your clients or you are asking for problems.

Please feel free to comment. 
 
Security Issues Advisors Should Ask Web-Based Application Vendors About
Thursday, January 26, 2012 21:55

Tags: advisor technology | cloud | security

 

With a secure system serving advisors reportedly crashing in late December and still unable to recover client data for the advisors it serves, the risk of web-based apps was recently brought into sharp focus for many advisors. So here are issues advisors should ask web-based vendors about to minimize exposure to the nightmare scenario of losing client data.
 
Redundancy. Are data continuously written to more than one hard drive or more than one server? A redundant array of independent disks (RAID) in a web server writes the same information to multiple drives. So if one drive fails, another has essentially the same information. In addition, you would like all data uploaded to a Web application to simultaneously be written to two servers.
 
Multi-Site Redundancy. Are backups housed in one location or multiple locations? Ideally, when data are posted to the Web, they will be written to servers in different locations, preferably in different parts of the country and on different power grids. Posting data to servers in different parts of the country ensures that if a disaster hits one part of the country and knocks out power across the mid-Atlantic states, for example, a server in another part of the country will be unaffected. Multi-site redundancy is not offered by most vendors serving advisors, but it is a best practice and nice-to-have feature.
 
Third-Party Intrusion Detection & Protection. Many vendors serving independent advisors are small companies. While they can protect web servers from hackers, they are not security experts. Some vendors now engage third-party services with apps that monitor Web servers 24/7. When abnormal activity is detected, these apps automatically stop the activity and notify the vendor.
 
Disaster Recovery Plan. Ask to see the company’s disaster recovery plan. Is it detailed? Sensible?
 
Institutional Clients. Most broker/dealers and custodians are conducting security audits of vendors that handle sensitive client data. Ask which institutions have required the vendor to fill in their security questionnaire and have integrated their systems with the vendor. Ask if the vendor has filled in a form known as the BITS Standardized Information Gathering questionnaire or SIG Lite, a less comprehensive version.
 
Encryption. Find out what's encrypted. A couple of years ago, a tech writer wrote a story saying he was very impressed by the security of a Web app for sharing documents when in fact the information stored by the app was not encrypted; only its passwords were encrypted. Make sure the database is encrypted and that data are encrypted when downloaded as well as when uploaded.
 
This list is far from exhaustive but should help limit an advisor's risk.
 

 

 
Why Do Financial Advisors Need To Know About Skimmer Scams That Illicitly Scan Credit Cards And PINs?
Thursday, January 05, 2012 17:30

 
As a financial advisor, I believe you have a responsibility to help clients protect themselves from identity fraud and credit card scams. (It's wrong that the CFP Board of Standards does not award CFPs educational credit for learning about online privacy and security.) Financial advisors must be guardians of their clients' online financial lives.
 
With fee compression a growing concern, adding value to client relationships by educating clients on online security is good marketing. Being an authority — the resource for clients on online privacy and security — positions you as an expert in financial communication. Plus, you have the added benefit of doing good.
 
It's actually in your interest to know a lot about online security and privacy. I speak with advisors all the time who are spending a lot of money still on assembling and mailing paper quarterly reports to clients. That's expensive and largely unnecessary. (Yes, my company sells systems for online reporting but that's not why I am arguing for it.) Going online with performance reporting is a no-brainer to me because it improves your firm's client experience and makes your business more efficient. Getting clients to change their behavior and adopt online reporting is part of the educational information advisors should be providing to clients. But back to skimmers.
 
Even though the odds are low that one of your clients will get ripped off in a skimmer scam, as an authority you need to know about skimmers and disseminate tips about them to your clients and prospects. 
 
PC World says skimmers are devices thieves attach to card readers on ATMs or credit card terminals to collect your financial information. A Symantec spokesperson quoted in the article says many skimmers are shoddy, jury-rigged and awkwardly attached. So if you see a card reader that looks a little weird, be wary.
 
The other thing to look out for: pinhole cameras.
 
Let me know if you think advisors should be a clearinghouse for information about online privacy and security for their clients.
 
 

 
If You Have Not Paid Much Attention To QR Codes, Here's A Reason To Continue To Ignore Them
Monday, October 24, 2011 01:56

Tags: android | mobile apps | phones

Have you ignored QR codes, those funny-looking squares we've seen pop up increasingly over the past year in print ads, on billboards, and on product packaging? I've not found them very enticing personally, and have been unable to find good uses for them by advisors. Turns out, that's good. QR codes are now regarded as security threats.

 

"the nasties are using QR codes to lure people into downloading Android malware," says TechCrunch. "While some users are likely to assume that QR codes are unique to the Android market and thus be comfortable scanning them, these codes actually take you to an Android install package hosted on some third-party server. The QR code itself isn’t bad — but the link it’s obfuscating is."

 

 
Typosquatting Hacks: What Can Happen If A Hacker Sets Up A Phony Domain For Your Custodian Or B/D
Wednesday, September 28, 2011 13:28

Tags: security

Say a hacker sets up the domain for Sschwab.com or TDAmmeritrade.com and emails you requesting you send confidential information or builds a few Web pages that look just like your custodian's site.


 

While there is no known effort to perpetrate such a fraud by using these or other brokerages, "typosquatting" is a real security threat advisors should be aware of.

 

Researchers at security think tank Godai Group set up phony domains using small typos. It yielded a treasure trove of personally identifiable information.


"During a six‐month span, over 120,000 individual emails (or 20GB of data) were collected, which included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc," according to the researchers. 

 

A story on PC World highlights the threat and provides more detail.

 

It lends further evidence to the notion that advisors need to be mindful of social engineering attacks.

 

Educating clients about how to protect themselves against this growing scourge would be wise.

 

 
