Cybersecurity solutions to weak passwords

As part of a strong cybersecurity policy, advisers need to pay more attention to stronger passwords, fingerprint scanners and other technologies to protect their data, especially as the Securities and Exchange Commission sets its sights on cybersecurity this year.
JAN 07, 2016
As part of an effective cybersecurity policy, advisers need to pay more attention to password authentication, fingerprint scanners and other technologies to protect their data.

The Securities and Exchange Commission is looking under the hood of advisers' and broker-dealers' cybersecurity protocols. Specifically, the regulator wants to ensure that firms are properly implementing cybersecurity policies, monitoring data and training employees to keep client data safe. Access to data, which includes remote access, customer logins and passwords, is also a focus of SEC scrutiny.

Yet passwords remain an issue among users across the Internet, as evidenced by a 2015 study of passwords by SplashData. The study found login credentials like "123456" and "password" remained first and second on the list of the worst passwords, spots they have held since 2011.

"The challenge has been the idea of complex passwords," said Brian Edelman, chief executive of Financial Computer Services Inc., a cybersecurity consulting firm. "But that doesn't solve the problem. It actually creates a new one."

If advisers really want to have a secure cyber practice, they will need to implement multiple methods, he said. It can be convenient, as well as efficient, he added.

Mr. Edelman tells his clients to have multi-factor authentication on top of their password managers, which store login credentials. Multi-factor authentication methods include receiving a passcode texted or called in to the user, who then enters it into their system.
Worst passwords of 2015

| Rank | 2015 | 2014 | Change from 2014 |
|------|------|------|------------------|
| 1 | 123456 | 123456 | unchanged |
| 2 | password | password | unchanged |
| 3 | 12345678 | 12345 | 1 ↗ |
| 4 | qwerty | 12345678 | 1 ↗ |
| 5 | 12345 | qwerty | 2 ↘ |
| 6 | 123456789 | 123456789 | unchanged |
| 7 | football | 1234 | 3 ↗ |
| 8 | 1234 | baseball | 1 ↘ |
| 9 | 1234567 | dragon | 2 ↗ |
| 10 | baseball | football | 2 ↘ |
| 11 | welcome | 1234567 | new |
| 12 | 1234567890 | monkey | new |
| 13 | abc123 | letmein | 1 ↗ |
| 14 | 111111 | abc123 | 1 ↗ |
| 15 | 1qaz2wsx | 111111 | new |
| 16 | dragon | mustang | 7 ↘ |
| 17 | master | access | 2 ↗ |
| 18 | monkey | shadow | 6 ↘ |
| 19 | letmein | master | 6 ↘ |
| 20 | login | michael | new |
| 21 | princess | superman | new |
| 22 | qwertyuiop | 696969 | new |
| 23 | solo | 123123 | new |
| 24 | passw0rd | batman | new |
| 25 | starwars | trustno1 | new |

Source: SplashData

Sid Yenamandra, the co-founder and chief executive of Entreda, a financial services cybersecurity consulting firm, said single sign-on software that logs into linked apps with a master identity is another option. Such software can also help advisers change hordes of passwords in one swoop, as opposed to having to log into each platform and change the password individually.

"It is very clear that in order for cybersecurity to be successful, it needs to be convenient," Mr. Edelman said.

Neil Waxman, managing director and a financial adviser at Capital Advisors, Ltd. in Shaker Heights, Ohio, ensures his firm is secure with fingerprint scanning for its laptops and quick desktop and smartphone log-out times, on top of a password policy with numerous requirements. The firm came up with its cybersecurity protocol after having an audit and going through training years ago.

"This requires users to re-enter their passwords often, which is annoying but a small price to pay to protect our client's confidentiality," Mr. Waxman said.

A fingerprint scanner allows employees to log back into their systems more quickly, he said. It is also more secure than just a password, which can be hacked. Biometric measures are specific to the individual.

Mr. Yenamandra said biometrics is a viable option for advisers, so long as they consider that it is another piece of hardware that needs upkeep and maintenance.

"It is always a great idea to have because it provides an added layer to ensure trust," Mr. Yenamandra said. He added that it is technology that is not widespread yet, but available on certain smartphone and laptop devices. It can also be bought externally.

The three main cybersecurity focal points, Mr. Yenamandra said, are "authentication, authorization and control." The SEC is also serious about those focal points, and has already started cracking down on firms and their cybersecurity measures.

Financial firms are still coming up short in their cybersecurity efforts, made evident when the SEC charged R.T. Jones Capital Equities Management in St. Louis for failure to have a policy in place. "Cybersecurity is not a technical thing, it is a common sense thing," Mr. Edelman said. "[The SEC is] fining firms, so this is not a warning anymore."
