Cybersecurity solutions to weak passwords

Cybersecurity solutions to weak passwords
As part of a strong cybersecurity policy, advisers need to pay more attention to stronger password, fingerprint scanners and other technologies to protect their data, especially as the Securities and Exchange Commission sets its sights on cybersecurity this year.
JAN 07, 2016
As part of an effective cybersecurity policy, advisers need to pay more attention to password authentication, fingerprint scanners and other technologies to protect their data. The Securities and Exchange Commission is looking under the hoods of advisers and broker-dealers' cybersecurity protocols. Specifically, the regulator wants to ensure that firms are properly implementing cybersecurity policies, monitoring data and training employees to keep client data safe. Access to data, which includes remote access, customer logins and passwords, is also a focus of SEC scrutiny. Yet, passwords still remain an issue among users across the Internet, as evidenced by a 2015 study of passwords by SplashData. The study found login credentials like "123456" and "password" remained first and second on the list of the worst passwords, a spot that they have held since 2011. "The challenge has been the idea of complex passwords," said Brian Edelman, chief executive of Financial Computer Services Inc., a cybersecurity consulting firm. "But that doesn't solve the problem. It actually creates a new one." If advisers really want to have a secure cyber practice, they will need to implement multiple methods, he said. It can be convenient, as well as efficient, he added. Mr. Edelman tells his clients to have multi-factor authentication on top of their password managers, which store log in credentials. Multi-factor authentication methods include receiving a passcode texted or called in to the users, who then enters it into their systems.
Worst password of 2015
RANK 2015 2014 CHANGE FROM 2014
1 123456 123456 unchanged
2 password password unchanged
3 12345678 12345 1 ↗
4 qwerty 12345678 1 ↗
5 12345 qwerty 2 ↘
6 123456789 123456789 unchanged
7 football 1234 3 ↗
8 1234 baseball 1 ↘
9 1234567 dragon 2 ↗
10 baseball football 2 ↘
11 welcome 1234567 new
12 1234567890 monkey new
13 abc123 letmein 1 ↗
14 111111 abc123 1 ↗
15 1qaz2wsx 111111 new
16 dragon mustang 7 ↘
17 master access 2 ↗
18 monkey shadow 6 ↘
19 letmein master 6 ↘
20 login michael new
21 princess superman new
22 qwertyuiop 696969 new
23 solo 123123 new
24 passw0rd batman new
25 starwars trustno1 new
Source: SplashData
Sid Yenamandra, the co-founder and chief executive of Entreda, a financial services cybersecurity consulting firm, said single sign-on software that logs into linked apps with a master identity is another option. Such software can also help advisers change hoards of passwords in one swoop, as opposed to having to log into each platform and change the password individually. "It is very clear that in order for cybersecurity to be successful, it needs to be convenient," Mr. Edelman said. Neil Waxman, managing director and a financial adviser at Capital Advisors, Ltd. in Shaker Heights, Ohio, ensures his firm is secure with fingerprint scanning for its laptops and quick desktop and smartphone log-out times, on top of a password policy with numerous requirements. The firm came up with its cybersecurity protocol after having an audit and going through training years ago. "This requires users to re-enter their passwords often, which is annoying but a small price to pay to protect our client's confidentiality," Mr. Waxman said. A fingerprint scanner allows employees to log back into their systems more quickly, he said. It is also more secure than just a password, which can be hacked. Biometric measures are specific to the individual. Mr. Yenamandra said biometrics is a viable option for advisers, so long as they consider it is another piece of hardware that needs upkeep and maintenance. "It is always a great idea to have because it provides an added layer to ensure trust," Mr. Yenamandra said. He added that it is technology that is not widespread yet, but available on certain smartphone and laptop devices. It can also be bought externally. The three main cybersecurity focal points, Mr. Yenamandra said, are "authentication, authorization and control." The SEC is also serious about those focal points, and has already started cracking down on firms and their cybersecurity measures. Financial firms are still coming up short in their cybersecurity efforts, made evident when the SEC charged R.T. Jones Capital Equities Management in St. Louis for failure to have a policy in place. "Cybersecurity is not a technical thing, it is a common sense thing," Mr. Edelman said. "[The SEC is] fining firms, so this is not a warning anymore."

Latest News

NASAA moves to let state RIAs use client testimonials, aligning with SEC rule
NASAA moves to let state RIAs use client testimonials, aligning with SEC rule

A new proposal could end the ban on promoting client reviews in states like California and Connecticut, giving state-registered advisors a level playing field with their SEC-registered peers.

Could 401(k) plan participants gain from guided personalization?
Could 401(k) plan participants gain from guided personalization?

Morningstar research data show improved retirement trajectories for self-directors and allocators placed in managed accounts.

UBS sees a net loss of 111 financial advisors in the Americas during the second quarter
UBS sees a net loss of 111 financial advisors in the Americas during the second quarter

Some in the industry say that more UBS financial advisors this year will be heading for the exits.

JPMorgan reopens fight with fintechs, crypto over fees for customer data
JPMorgan reopens fight with fintechs, crypto over fees for customer data

The Wall Street giant has blasted data middlemen as digital freeloaders, but tech firms and consumer advocates are pushing back.

The average retiree is facing $173K in health care costs, Fidelity says
The average retiree is facing $173K in health care costs, Fidelity says

Research reveals a 4% year-on-year increase in expenses that one in five Americans, including one-quarter of Gen Xers, say they have not planned for.

SPONSORED How advisors can build for high-net-worth complexity

Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.

SPONSORED RILAs bring stability, growth during volatile markets

Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.