Tip #1: Understand that “You” are a target to hackers…
Don’t ever say, “It won’t happen to me.” We are all at risk and the stakes are high – both for your personal and financial well-being and for our Firm’s standing and reputation. Cybersecurity is everyone’s responsibility. By following the tips below and remaining vigilant, you are doing your part to protect yourself and others.
Tip #2: Use antivirus/anti-malware protection…
To access our Firm’s resources, systems (proprietary and third-party vendor), domains and email accounts, and networks, you are required to use Firm-approved and up-to-date antivirus/anti-malware protection. To ensure that such programs are installed correctly and come from a known and trusted source, please only allow our Firm’s authorized personnel to access, install, and maintain your antivirus/anti-malware protection or other security software.
Tip #3: Keep your software up-to-date…
Auto-installing software and security updates for your operating system and programs is critical.
• Turn on Automatic Updates for your operating system.
• Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
• Make sure to keep browser plug-ins (Flash, Java, etc.) up-to-date.
• Only allow our Firm’s authorized personnel to install software programs.
Tip #4: Practice good password management…
“We all have too many passwords to manage – and it’s easy to take short-cuts, like reusing the same password. A password manager can help you to maintain strong unique passwords for all of your accounts. These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.” (UC Berkeley, 2020)
Tip #5: Use Two-Factor Authentication…
“It’s important to have a strong password, but it’s even more imperative to have two-factor, or multi-factor, authentication. This method provides two layers of security measures so if a hacker can accurately guess your password, there is still an additional security measure in place to ensure that your account is not breached.” (Stavridis, 2020)
Tip #6: Connect Securely…
“Cyber security tips about this have been dished out by nearly every tech expert under the sun, but many still don’t follow this advice. You might be tempted to connect your device to an unsecured connection, but when you weigh the consequences, it’s not worth it. Only connect to private networks when possible, especially when handling sensitive information.” (Stavridis, 2020) This is especially important when you are working remotely.
Tip #7: “Look before you click…”
Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically install (often silently) and compromise your computer. If attachments or links in an email are unexpected or suspicious for any reason, don’t click on them.
Tip #8: Work to avoid “Social Engineering” scams; “beware of suspicious emails and phone calls…”
“‘Phishing’ scams are a constant threat – using various social engineering ploys, cyber-criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information. Phishing scams can be carried out by phone, text, or through social networking sites – but most commonly by email. Be suspicious of any official-looking email message or phone call that asks for personal or financial information.” (UC Berkeley, 2020)
Tip #9: Use mobile devices safely…
“Considering how much we rely on our mobile devices and how susceptible they are to attack, you’ll want to make sure you are protected:” (UC Berkeley, 2020)
• Lock your device with a PIN or password – and never leave it unprotected in public.
• Only install apps from trusted sources (ex. Apple AppStore, Google Play).
• Keep the device’s operating system up-to-date.
• Don’t click on links or attachments from unsolicited emails or texts.
• Avoid transmitting or storing personal information on the device.
• Most handheld devices are capable of employing data encryption – consult your device’s documentation for available options.
• Use Apple’s Find my iPhone or the Android Device Manager tools to help prevent loss or theft.
Tip #10: Never leave devices unattended…
“The physical security of your devices is just as important as their technical security. If you need to leave your laptop, phone, or tablet for any length of time – lock it up so no one else can use it. If you keep protected data on a flash drive or external hard drive, make sure they’re encrypted and locked up as well. For desktop computers, lock your screen or shut down the system when not in use.” (UC Berkeley, 2020) This is especially important when you are working remotely.
Tip #11: Safeguard Protected Data…
Be aware of the Confidential Client Information and Data or Non-Public Personal Information (“NPPI”) that you come into contact with and its associated restrictions. This is especially important when you are working remotely. In general:
• When possible, use “redacted” information instead.
• Keep NPPI (e.g., SSNs, client account numbers, credit card information) off your workstation, laptop, or mobile devices (i.e., don’t keep or maintain such data in a spreadsheet stored on your computer), and access such data only when needed, using secure means.
• Have our Firm’s authorized personnel securely remove sensitive data files from your system when they are no longer needed.
• Always use encryption when storing or transmitting sensitive data.
Tip #12: Back up your data…
“Back up regularly – if you are a victim of a security incident, unfortunately the only guaranteed way to repair your computer is to erase and re-install the system.” (UC Berkeley, 2020)
“Remember, malicious threats and hackers don’t always want to steal your data, but sometimes the end-goal is to encrypt or erase it. Back it up to have an ultimate recovery tool.” (Stavridis, 2020)
1: “Top 10 Secure Computing Tips”. Berkeley Information Security Office – UC Berkeley, 2020.
2: “10 Most Important Cyber Security Tips for Your Users”. Stavridis, Virginia; Cybint, 17 August 2020.
3: “Cybersecurity Issues for BDs and RIAs; Drinker Biddle 2019 ERISA Symposium”. Weiss, Jason, 2019.