Is your retirement account safe from cyber criminals?
In the Bernie Madoff scam, investors suffered over $18 Billion in loses over a period of 20 years. Well, it took that long to find out that some thing was really wrong.
This was a classic case of investors trusting a person that had all the underpinnings of a successful and trustworthy money manager on Wall St. And, why shouldn't they? Madoff's firm beat the odds and always delivered verifiable returns higher than any other asset manager on Wall st, right?! Remember the old adage - "If it's too good to be true, it probably is."
Recently, we came across a new type of case where an independent financial advisor in Texas was charged with fraud and misappropriating funds. If you dig deeper in the case, the losses suffered by investors were in the range of $750K - a fraction of the losses suffered by the Madoff investors. However, the sophistication of the attack is what is important to note here. First of, the financial advisor did NOT even know that he was working for a hacker. What?!
The hacker just used the advisor as a front to steal money from 20 of the advisor's unsuspecting clients. Secondly, the attack was a complex combination of social engineering, key logging and identity theft. So, how did this happen?
Simple. The hacker stalked the advisor for several months and tracked his facebook posts. Once the hacker gathered enough information about the advisor sent an email from what seemed to be a credible email address. The email looked like any email that a client would send his financial advisor. The email contained a link to download a harmless file. The file was a virus which would self-extract or install silently in a week and then log the advisor's key strokes and frequently accessed websites. This information would be periodically sent off to a "ghost server" which the hacker used to figure out account credentials.
At some level, this should remind you of the plot from the cult classic - Office space. In this movie, the bad guys implant a 'rogue software program' in with banking software so that instead of rounding off the last significant digits of millions of transactions, the software simply transfers a little bit at a time to another account. For any given transaction, the bet was that the rounding error would go unnoticed but over a long period of time and with enough transactions, the amount accumulated would be significant. Of course, in this case, the hackers make a mistake in their software program and the rounding error was quite significant, almost immediately!
So, how do you make sure that your financial advisor not only has a sound investment philosophy when it comes to managing your money but also, has a proactive strategy to ward off cyber attacks in the 21st century?
Here are three simple ways to get you started.
1. Cyber Security Policy Ask your advisor if he has a cyber security or an information security policy. If your financial advisor looks at you with glazed eyes, he or she probably does not have one. You should encourage them to get one as soon as possible. While its important to actually have a cyber security policy, it's more important that the advisor and staff practice what's in the policy. 2. Tech-forward or Tech-averse? Figure out quickly if your financial advisor is technology forward or technology averse. Questions like what type of computers or tablets do you use to access the internet. What percentage of time do you or your staff spend outside of the office? How do you securely access your data when you are out of the office? These types of questions will give you an idea of whether your advisor understands the best practices in branch office security. Most financial advisors worked at big wire-houses at some point in their career. If so, they probably never dealt with these issues back then as their IT department took care of it. However, once the financial advisor goes independent, those challenges along with a million others now become their responsibility.
3. Cyber security Audit Has the advisor ever invested in a cyber security audit from a trained professional. Better yet, has the advisor purchased any tools to lower the risk of cyber crime. This will give you an idea if this advisor falls under a "higher risk" for cyber crime. Something to make sure when looking for a solid financial advisor partner. Needless to say, as technology becomes pervasive in all aspects of our lives, it is important to make sure that we safe guard ourselves and those who help us achieve our goals. The face of crime is changing and cyber crime is becoming a part of our digital life too, whether we choose to accept it or not.