Multi-Unit Franchisee Magazine Issue IV, 2015 | Page 72
Investment Insights BY CAROL M. SCHLEIF
Protecting Your Assets
In the Internet Age
Defending yourself against online risks
The world we live in and the way
we interact with it—and with each
other—has shifted significantly in
the past several decades. The pace
of change and the corresponding alterations to many of our routines have been so
rapid it’s almost shocking to recall what
things were like before personal computers, the Internet, Google searches, mobile
phones, and millions of other everyday
conveniences (and distractions). Almost
no single interaction or activity carried
out today is immune from technology’s
impact. Yet while much of today’s online
activity has moved world knowledge and
convenience forward, it has brought with
it a host of less-than-desirable outcomes.
The Internet had its genesis decades
ago in funding from the U.S. government
and various defense and research/higher
education partnerships. The architecture
was constructed to facilitate collaboration
among trusted peers with legitimate intentions. The specific way data was packaged
and transmitted was decentralized, with
key decisions made at the outset to favor
rapid and “democratized” information
flow and access.
As commercialization and other applications mushroomed, purveyors were
loath to change the open, interactive
architecture that underpinned the best
attributes of the system. Rapid adoption
spread through all strata of users, from
those with intellectually pure applications
to those with more nefarious intentions.
The amount of personal information that
users freely provide through social media
posts, and the tracking systems innate in
the simplest free apps in our never-leave-our-sides mobile phones, have added to
the insecurity of our cyber world. One
result is that companies and governments
can store and cross-reference all that data
cheaply and effectively.
The motivations for unsavory Internet
usage are no longer as “simple” as individuals wanting to perpetrate fraud for
financial gain or show off their hacking
prowess. Increasingly, government-backed
terrorism and sophisticated, globally based
crime rings perpetrate corporate and geopolitical espionage.
In addition to more “traditional” hacks,
cyber-to-physical attacks are an increasing threat as more devices and systems
are connected to each other and to global
networks (power and transportation grids,
air traffic control systems, manufacturing
plants, medical records, manufacturing
machines, etc.). The benefits of having all
these “Internet of Things” connections are
enormous, but those benefits come with
heightened risks.
As attacks have become more sophisticated and subtle, corporate and governmental goals have shifted from preventing
an attack toward detection, remediation,
and recovery. According to a report from
security provider FireEye, 69 percent of
attacks were detected not by the entity
being hacked, but by an outside party,
such as a security blogger (which is how
the Target hack came to light). Even more
alarmingly, the report noted that the median length of time a hacker was inside a
system before detection was 205 days!
How to respond
In the public and private spheres, any
system to prevent and detect intrusion is
only as strong as its weakest link. And that
weakest link is often a human who either
unwittingly or unknowingly behaves carelessly. Remediation of fraud and hacks is
time-consuming and costs businesses, governmental entities, and individuals many
thousands of hours and tens of millions
of dollars to address each year. Adopting a diligent mindset of monitoring and
common-sense security practices will go a
long way to helping you partake of the significant benefits that being wired can bring.
1) Best practices for users
• Make passwords easy for you to
remember and hard for others to guess
(avoid the obvious).
• Make passwords a combination of
letters, numbers, and symbols.
• Change user names, passwords, and
security questions frequently.
• Do not access the Internet through
open/unsecure networks at coffee shops
and airports; use encrypted access only.
• Don’t post on social media when you
will be traveling; don’t post from out-of-town locales while you’re away; don’t allow various apps to update and post your
whereabouts.
• Don’t open attachments, click links
in emails, or respond to emails from suspicious or unknown senders.
• Always sign on to sites directly through
a known and secured website address.
• Use secure email to request and confirm financial transactions.
• Never respond to a text or email request for personal or financial information,
including account numbers, passwords,
authorization credentials (token codes),
Social Security number, or birth date.
2) Prevention
• Limit access points and enforce multiple layers of authentication.
• Consider outsourcing security and
network maintenance to outside firms and
the cloud. Many of these firms have the
resources and sophistication to stay up on
the latest trends, technologies, and systems.
Cloud providers have the potential to be
far more secure than the corporations
whose data they are holding.
3) Constant vigilance!
• Monitor all transactions in each account, ideally on a daily basis. Fraudsters are
increasingly sophisticated and can infiltrate
systems in subtle ways, diverting individual
payments to other-than-intended recipients by mimicking a user’s email, style, and
activities to send fraudulent requests for
funds transfers and set up new accounts
with the data and information obtained.
• Regularly pull and monitor credit
reports.
• Enroll in a credit monitoring system
and check reports regularly.
• Maintain a skeptical mindset.
Carol M. Schleif, CFA,
is a director in Asset Management at Abbot