Security
7 Million Dropbox Accounts Compromised
Tuesday, October 14, 2014 13:01

Tags: data breach | dropbox | security issue

Due to a breach in account security, all Dropbox users are urged to immediately change their password.  An anonymous hacker has leaked 420 usernames and passwords, and claims to have nearly 7 million in total.

This Website Is For Financial Professionals Only


Dropbox claims its own security has not been compromised and that the stolen usernames and passwords instead came from a third-party service.  However, the company was quick to act and expired the passwords for the compromised accounts.

 

Since most people use the same logins and passwords for multiple services, the hackers now have access to even more of your personal information.

 

Here are some tips on how you can avoid this happening to you:

 

Network Attached Storage (NAS) Device – Today’s NAS devices use an app that allows them to work just like Dropbox, and a NAS is our top recommendation.  This is a secure private device that sits in your office and that your employees can share files on.  The information stored on these devices is backed up, encrypted and stored online, in a very private and secure environment, and is only accessed in the case of a disaster.

 

2-Factor Authentication – This two-step process uses something you know and something you have.  A hacker can steal your password (the something you know) but they cannot steal the something you have.  2-Factor Authentication should be enabled on all of your programs that contain any sensitive information. 

 

Different Passwords – You should always use different passwords for all of your programs.  This includes all social media sites, banking sites and computer logins.

 

Password Manager – Using a password manager, such as LastPass, eliminates the need for you to enter your password into all of your programs and applications.  A password manager encrypts and stores all of your login information.  Should a hacker gain access to your computer, he will not be able to see the passwords you use.

 

Any data breach will hurt the company experiencing it.  The company’s reputation will be ruined and their clients’ trust will be broken.  Make sure you take the appropriate steps to keep your information safe.

 

To read more:

http://www.businessinsider.com/dropbox-hacked-2014-10

 

http://techcrunch.com/2014/10/14/dropbox-pastebin/

 
The SEC Has Published A Cybersecurity Preparedness Guide, Will You Pass The Audit?
Thursday, April 17, 2014 13:37

Tags: cybersecurity audit | exam | OCIE | sec

The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers (RIAs), focusing on areas related to cybersecurity.



On March 26, 2014 the SEC sponsored a Cybersecurity Roundtable.  During the discussions the importance of gathering information and considering what additional steps should be taken to address cyber-threats was emphasized.

 

Examinations are designed to assess cybersecurity preparedness in the securities industry and to obtain information about the industry’s recent experiences with certain types of cyber threats.  These examinations will focus on:

 

1.  Your cybersecurity governance

2.  Identification and assessment of cybersecurity risks

3.  Protection of networks and information

4.  Risks associated with remote client access and funds transfer requests

5.  Risks associated with vendors and other third parties

6.  Detection of unauthorized activity

7.  Experiences with certain cybersecurity threats

 

The Commission has provided a sample request to help all firms be prepared for this examination:

 

http://www.sec.gov/ocie/announcement/Cybersecurity+Risk+Alert++%2526+Appendix+-+4.15.14.pdf

 

What would happen if your firm did not pass one of these audits?  Do you think your clients would feel safe trusting you with their sensitive information?  Making sure the points listed in the document above are covered is important, but it can also be technical and time consuming.

 

The best attack plan is to put together a team of professionals who specialize in each area.  The team should consist of a law firm, an accounting firm, and an IT security firm such as Financial Computer Services.

 

With ProtectIT from Financial Computer Services you will be able to show your firm’s networks and systems are up to date and secure.  Our continuous reporting system can compile all of the information you will need to provide to an auditor in minutes, not days.  ProtectIT will assist with the following points the exam will focus on: the identification and assessment of cybersecurity risks, protection of networks and information, and the detection of unauthorized activity.

 

To read more:

http://www.fa-mag.com/news/sec-issues-fa-cybersecurity-guidelines-17643.html?section=43

 
Heartbleed May Be the Worst Security Hole The Internet Has Ever Seen
Friday, April 11, 2014 15:57

Tags: heartbleed | security hole | virus

Millions of passwords, credit card numbers and other pieces of personal information are at risk as a result of a major breakdown in Internet security.



The Heartbleed bug is a flaw in the encryption software OpenSSL that hackers can exploit.

 

OpenSSL encryption software is used by a majority of major websites and is designated by a small closed padlock symbol and “https” on Web browsers. 

 

When a secure connection is made between two computers, one computer may check if the other computer is available.  The computer would check by sending a small packet of data, called a heartbeat, which the other computer then confirms.  A hacker can use a fake packet of data, which tricks the computer into responding with data stored in its memory.  The hacker then has access to steal personal information such as credit card numbers and passwords. 

 

A patched version of OpenSSL has been released; now it is up to each site to apply this patch.
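The heartbeat flaw described above comes down to a missing length check. The following is an added example, not OpenSSL's code and not from the original article: the message layout is simplified, and the function names and sample data are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified layout assumed for this example:
 * byte 0 = type, bytes 1-2 = claimed payload length (big-endian), then payload. */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3 };

static size_t claimed_len(const uint8_t *msg) {
    return ((size_t)msg[1] << 8) | msg[2];
}

/* Flawed pattern: trusts the length the sender claims. If the claim exceeds
 * what actually arrived, memcpy reads whatever sits after the request.
 * Caller must provide out with room for HB_HEADER + claimed bytes. */
size_t heartbeat_flawed(const uint8_t *msg, size_t received, uint8_t *out) {
    (void)received;                      /* never consulted: this is the bug */
    size_t n = claimed_len(msg);
    out[0] = HB_RESPONSE;
    memcpy(out + 1, msg + 1, 2);         /* echo the claimed length field */
    memcpy(out + HB_HEADER, msg + HB_HEADER, n);
    return HB_HEADER + n;
}

/* Hardened pattern: drop any request whose claimed length does not fit
 * inside the bytes that were really received. Returns 0 when dropped. */
size_t heartbeat_checked(const uint8_t *msg, size_t received,
                         uint8_t *out, size_t out_cap) {
    if (received < HB_HEADER || msg[0] != HB_REQUEST) return 0;
    size_t n = claimed_len(msg);
    if (n > received - HB_HEADER) return 0;   /* claim exceeds what arrived */
    if (HB_HEADER + n > out_cap) return 0;    /* reply would not fit */
    out[0] = HB_RESPONSE;
    memcpy(out + 1, msg + 1, 2);
    memcpy(out + HB_HEADER, msg + HB_HEADER, n);
    return HB_HEADER + n;
}

/* Constructed demo memory: a 5-byte request ("hi" claimed as 18 bytes)
 * followed directly by unrelated data, all inside one array so the flawed
 * read stays within this buffer. Returns 1 if the flawed reply leaks it. */
int demo_leaks(void) {
    uint8_t mem[32] = { HB_REQUEST, 0, 18, 'h', 'i' };
    memcpy(mem + 5, "password=hunter2", 16);
    uint8_t out[64];
    size_t len = heartbeat_flawed(mem, 5, out);
    return len == 21 && memcmp(out + 5, "password=hunter2", 16) == 0;
}
```

The same oversized request that leaks neighbouring data through `heartbeat_flawed` is dropped by `heartbeat_checked`, while an honest request is echoed normally.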

 

Do not log into accounts from affected sites until you are sure the company has patched the problem. 

 

Once you have confirmation of the security patch you will need to change your password.

 

LastPass has created a tool that will check a site to see if it is affected by this flaw:

 

https://lastpass.com/heartbleed/

 

Read more for a list of sites that have been affected and have applied the security patch:

http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/index.html?hpt=hp_bn5

 
Cybersecurity Top Risk For Financial Firms
Tuesday, April 08, 2014 09:55

Tags: advisors | cybersecurity | data breach | FINRA | sec

The recent massive customer data breaches that have occurred at well-known retailers are causing the government and businesses to take a deeper look into cybersecurity.



In February, Finra announced its plans to try and understand the dangers that lurk online for financial companies.  Finra will examine some of its member firms to see what precautions they are taking to protect themselves from online threats.  They will be surveying 20 firms and looking to review each of the firms’ cybersecurity preparation and supervision.

 

The SEC has also announced that it will be conducting cybersecurity examinations.  In a compliance conference the SEC informed its audience that they will be reviewing the resources that firms devote to information security, their policies for assessing, preventing and responding to attacks and their systems guarding against identity theft.

 

Cyber thieves are always looking for new ways to steal your information.  Just one wrong click could give a cybercriminal the key to all of your clients’ sensitive data.  As an advisor it is important for you to have a process in place to check for cyber threats and protect your data. 

 

Read more:

http://www.investmentnews.com/article/20140207/FREE/140209923

 
Inside A Vicious Phishing Scam Targeting RIAs: Read The Emails That Nearly Defrauded A Successful Financial Planning Firm Of $35,000
Saturday, March 29, 2014 14:06

Tags: advisor technology | AdvisorVault | client communications | client emails | cyber criminal | cybercriminals | data security breach | email scam | phishing scams | practice management | privacy; security | risk management

Here’s a cautionary tale of an advisor who nearly fell victim to a $35,000 phishing scam that is targeting investment advisors.
 

The RIA, co-owned by an advisor I’ve known for many years, has changed its procedures since the incident occurred 11 months ago, and he did come to eventually realize that it was a scammer before sending any money to the account as requested. But he says his firm has been targeted twice and that the scams are getting more sophisticated.


To help other advisors avoid falling victim to phishing scams, the advisor provided A4A a copy of the email thread (below) from last April between the cybercrooks and his firm, giving A4A readers an inside look at a phishing scam targeting investment advisors.




Perhaps because I write about tech news and have previously written for advisors about phishing scams, the advisor does appear to have been a little naïve. The initial email contained some telltale signs of a phishing scam — specifically, an abundance of spelling, punctuation and grammatical errors. In fairness to the advisor, however, we are looking at events with 20-20 hindsight.

Just yesterday, I received an email from a business contact who might turn out to be a huge breakthrough for my company or could turn out to be a fraudster. I've asked for a telephone call to verify. (Telephone verification is always a good safeguard.) Point is, it's hard to tell sometimes whether someone is scamming you, even for a sophisticated techie like me.

When an advisor reads an email from a client on a busy day, it’s understandable that it could draw an advisor to ask an assistant to help the “client” get $35,000 wired.

However, the advisor in this instance would come to learn later that a hacker was spoofing his client’s email address and name in the emails he was reading. He says he dismissed the spelling errors in the initial email he received, thinking the client was in a rush. The scam began with this initial email:
 
-----------------------------------
From: Keith
Sent: Monday, April 15, 2013 12:16 PM
To: Frank
Subject: Good Morning
 
Hello,
 
    A friend of mine needs to borrow 35,000 do i have enough cash to be able to lend that to her. she will be repaying it back in about 4 months. ive lent her money before and got every penny back.......so i would like to do this if possible. if it is possible, can you also arrange for the wire transfer once ive gotten all of the necessary information.
 
Thanks,
--------------------------------------
 
Asked in an email if he had any advice to offer to practitioners about setting up a procedure to defend against phishing scams, the now security-conscious advisor responded: “Upload all sensitive client data and information to the web vault and confirm all requests for money via a phone call to the client,” he says. “No call? No confirmation of ID? No $$$!”
 
After reading the email thread below, please post a comment letting me know if you would have or could have fallen for this scam? If you could have fallen for the scam, then you’re not reading A4A regularly and that’s a mistake.
 
 
 
 
 
 
 
--------------------Begin email thread (names changed or redacted) -----------------------
 
From: Mindy
Sent: Tuesday, April 16, 2013 7:34 AM
To: Frank
Subject: FW: Loan
 
FYI . . . funny-strange…
 
From: Keith
Sent: Monday, April 15, 2013 5:21 PM
To: Mindy
Subject: Re: Loan
 
Mindy,
 
    Thanks the wire is not needed again, As Susie has taken care of it....
 
Thanks once again.
Keith.
-----Original Message-----
From: Mindy
To: Keith
Sent: Mon, Apr 15, 2013 10:35 pm
Subject: RE: Loan
Dear Keith:
 
Attached is the completed form.   Please sign and have Susie sign in Section 4 of the form.  Scan it and email it back to me. 
 
If you send this back signed today, I will take care of it in the morning.  Have a great evening.
 
Sincerely,
Mindy
 
 
From: Keith
Sent: Monday, April 15, 2013 4:18 PM
To: Mindy
Subject: Re: Loan
 
Mindy,
 
      I am not at the office, but you can fill in the form scan and email it to me then I will sign it off and then scan and have it sent back to you. Here is the wire instruction below:
 
Bank Name: NAME REDACTED
Bank Address: REDACTED
Bank Phone #: REDACTED 3
Account #: REDACTED
Routing #: REDACTED
Account Owner: REDACTED
Holder Address: REDACTED
Wire Amount: $35,000.00
 
Kindly fill the form and send it to me then I can sign and email it back to you.
 
Thanks,
Keith.
 
-----Original Message-----
From: Mindy
To: Keith
Sent: Mon, Apr 15, 2013 10:12 pm
Subject: RE: Loan
Dear Keith:
 
Sure, I can complete the form with the wire transfer instructions you collect from your friend.  I will then email it to you but we don’t have a fax machine.  Actually, are you in your office now?  How late will you be there?  I have an appointment in your complex this evening, I could stop by your office tonight for your signature and then I will complete the form with your friends wire instructions tomorrow for you.  Let me know.
 
Mindy
 
 
From: Keith
Sent: Monday, April 15, 2013 4:04 PM
To: Mindy Smith
Subject: Re: Loan
 
Mindy,
 
      Can I send you the information then you can help fill the information then you can send me the form or fax it then I can sign and fax back as I dont want to have any errors on the wire form.
 
Thanks,
Keith.
-----Original Message-----
From: Mindy
To: Keith
Sent: Mon, Apr 15, 2013 10:01 pm
Subject: FW: Loan
Dear Keith.:
 
Attached you will find a Schwab Wire Transfer Authorization form.  Please print this form and complete all of Section 3 and sign Section 4.  I would need to have the completed, signed form either emailed back to me or dropped off at our office by 12:00 tomorrow afternoon in order for the funds to be transferred by the close of business tomorrow.  Please note the cost is $25.
 
Please let me know if you have any questions.  Have a great day.
 
Sincerely,
Mindy
 
 
From: Frank
Sent: Monday, April 15, 2013 1:57 PM
To: Keith
Cc: Mindy
Subject: RE: Loan
Importance: High
 
OK….I will see to it that Mindy will get back to you right after lunch.
 
Frank
 
From: Keith
Sent: Monday, April 15, 2013 1:49 PM
To: Frank
Subject: Re: Loan
 
Frank,
 
    She needs it for business purpose and she just sent me an email asking the status of the loan and I said I will get back to her today so I will be glad if this can be done for her today, Kindly get back.
 
Thanks,
Keith.
-----Original Message-----
From: Frank
To: Keith
Sent: Mon, Apr 15, 2013 7:44 pm
Subject: RE: Loan
Keith,
 
I’m sorry…is this something that is of an emergency nature, that needs to be attended to immediately?
 
I didn’t understand that you were waiting for Mindy to contact you immediately with those requirements.
 
What is the deadline for this action so we can figure out how to work this into our schedule for today?
 
Frank
 
From: Keith
Sent: Monday, April 15, 2013 1:31 PM
To: Frank
Subject: Re: Loan
 
Am still waiting for you to send me the requirement
 
thanks
-----Original Message-----
From: Frank
To: Keith
Sent: Mon, Apr 15, 2013 6:54 pm
Subject: RE: Loan
Keith,
 
Will do.
 
Frank
 
From: Keith
Sent: Monday, April 15, 2013 12:54 PM
To: Frank
Subject: Re: Loan
 
I will prefer a wire transfer, Kindly ask Mindy to send me the wire information.
 
Thanks,
Keith
-----Original Message-----
From: Frank
To: Keith
Cc: Mindy
Sent: Mon, Apr 15, 2013 6:50 pm
Subject: RE: Loan
Keith,
 
Good day to you as well!
 
There is enough cash in your joint account to make that loan.
 
We can arrange for the wire transfer, but there is a fee for that service. Wouldn’t it be easier just to give her one of your Schwab checks?
 
If you confirm you must wire transfer her that money, I will have Mindy of my office send you a separate e-mail to let you know what all the information you will need to gather in order to complete that transaction.
 
Sincerely,
 
Frank
 -----------------------------------
From: Keith
Sent: Monday, April 15, 2013 12:16 PM
To: Frank
Subject: Good Morning
 
Hello,
 
    A friend of mine needs to borrow 35,000 do i have enough cash to be able to lend  that to her.  she will be repaying it back in about 4 months. ive lent her money before and got every  penny back.......so i would like to do this if possible.  if it  is possible, can you also arrange for the wire transfer once ive  gotten all of the necessary information. 
 
Thanks, 
 

 
