Playing It Safe
10/05/2015 WMS News
Issues surrounding cyber-security continue to be top-of-mind—not just in the financial services industry but in other industries all around the world. When big name corporations or U.S. government agencies get hacked it makes global headlines. Although the mainstream press tends to thrive on fear-mongering, the reality is that cyber-security does need to be taken seriously—not just by large corporations, but also by smaller private companies, like WMS Partners, as well as by all of us as individuals protecting our own private information.
Cyber-terrorism can come in a variety of different forms, but whether it is a lone teenager sitting in his parents’ basement, an independent organization of hackers like Anonymous, or a larger-scale government-backed effort like ones that are allegedly occurring in East Asia, people are always trying to come up with new ways to steal private data. Last year we sent out a notice about safeguarding wire and money transfers. This was in direct response to some activity we had seen surrounding individual clients’ e-mail accounts getting hacked. Hackers would send e-mails to us from client accounts requesting that we wire money on their behalf. Fortunately WMS already had robust internal controls in place to prevent any action being taken in response to one of these bogus requests, and not one single fraudulent request was honored. Despite this, however, we did not rest on our laurels—we took what we learned from this experience and used it to strengthen our internal controls even further.
In addition to these internal measures we took, we also reminded clients to maintain their own diligence in monitoring personal information in areas where WMS does not have the ability to act. The reality is that most data breaches that occur are not the result of targeted attacks. Cyber criminals perform random sweeps, just looking for ways to hack into any unsecure network to steal information. If they hit a secure network, they will rarely spend much time or effort trying to attack it. Unfortunately, the most unsecure networks out there are individuals’ personal home networks. People are becoming increasingly diligent about protecting home computers and laptops, but just think of how many other devices you have that are connected to the Internet. For example, do you have a Smart TV that you use to connect to Netflix? Have you ever installed any software patches on that Smart TV? Do you use the same password for Netflix that you use for more secure sites? There are simple things that you can do to keep your data safe. Just as we do at WMS, you should use complex passwords for your accounts and change them periodically. Use different passwords for different sites. You should also make a point to monitor your credit card transactions and credit reports for any unusual activity. These types of actions do not take much time, and they can go a long way towards preventing cyber-theft.
While you are doing everything you can on your end to protect your private information, WMS is doing its part to try to always stay one step ahead of malicious activity. We may not be an organization the size of Sony or Target and, to our knowledge, we have not yet done anything to anger North Korea (not to mention that our internal e-mails would not be nearly as interesting to read as the ones that were leaked out of Sony), but we do recognize that companies of every size get hacked every day. As a result, we have a number of protections in place to protect our clients’ valuable assets and data, in addition to the internal process controls mentioned above. Among these protections are the following:
- We maintain different data points on different servers internally, all of which are protected by very strong, redundant firewalls.
- We have a 3rd party IT vendor that continuously monitors our systems for any signs of malicious activity. They also help us undergo periodic firewall testing.
- Anti-virus, anti-spam and anti-malware software is built into several levels as e-mail travels through our system.
- We have a diligent Bring Your Own Device (BYOD) policy for employees and partners of WMS to ensure that everyone who accesses WMS’s servers from outside of the office has the proper password protections on each of their personal devices.
- We do not have direct custody of client assets. They are held at large custodians, such as Charles Schwab or TD Ameritrade, each of which has its own robust security in place.
- We have also recently finished implementing a new portfolio reporting system called Tamarac Advisor View. This is a cloud-based system which will encrypt client account information. It will also serve to separate different client data points between onsite and offsite servers. This will make it that much more difficult for cyber-terrorists to access client information in the same location.
WMS Partners takes protecting our client data very seriously. We continue to invest large amounts of capital in upgrading our technology and are constantly looking to stay on top of the latest security enhancements. If and when we come across new creative ways that people are trying to glean information, we will share our findings with you. Likewise, if you come across any unusual activity on your end, please share it with us so we can always stay one step ahead. If you have any questions about how WMS is protecting your information, please do not hesitate to ask.