Making your systems more hacker-resistant

APR 25, 2010
The SEC's Regulation S-P puts many advisers in a bind. On one hand, the rule gives advisers a threefold responsibility: ensuring the security and confidentiality of customer records, protecting against any anticipated threats or hazards to that information, and preventing, if at all possible, unauthorized access to and use of those records. At the same time, the Securities and Exchange Commission provides little or no practical direction as to how advisers should carry out their responsibilities.

So what are average advisers supposed to do to protect their firms, themselves and their client data? Here are some practical tips.

As simple and rudimentary as it might seem, the humble password is a good and often overlooked place to start. Avoid using passwords that are easy to figure out. Believe it or not, among the most common passwords, as noted by several security experts and security websites, are “password,” “123456,” “abc123” or simply a person's name. The strongest passwords are typically considered to be at least eight characters long and to have a mix of upper- and lowercase letters, numbers and even punctuation marks to add to the complexity.

Many people have a tendency to choose passwords that are short, say, seven characters or fewer. They use single words found in dictionaries or simple, easily predicted variations on words. Advisers should avoid such passwords because hackers will use what is known as a “dictionary attack,” a fairly common approach employing computer programs that simply cycle through lists of such words to find a password.

A good security route is to use a “passphrase” instead of a single word. “Passphrases are also easy to remember,” said Peter Herzog, senior software and systems specialist with the financial services technology consulting firm ActiFi Inc. Mr. Herzog cited as examples of strong passphrases “Let'sHireAct1F1” or “ExceedExpectati0ns.”

For advisers who find this all a bit too confusing, especially when it comes to remembering multiple passwords or phrases, there are password management programs that automatically generate passwords. Using such software means you have to remember only a single master password. Two well-regarded auto-password programs are Roboform, a commercial product, and Password Safe, which is open-source (free).
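The length, character-mix and dictionary-word advice above can be expressed as a small audit function. This is an added example, not part of the original article: the word lists are constructed samples, and the three-character-class threshold and the substitution table are assumptions.

```python
import re

# Constructed sample lists; a real audit would load far larger ones.
COMMON_PASSWORDS = {"password", "123456", "abc123"}
DICTIONARY = {"password", "dragon", "monkey", "summer", "welcome"}

# Assumed substitution table: undo the usual swaps so "P@ssw0rd" reads as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_word(password):
    """Reduce a password to the plain word a dictionary-based guesser would cover."""
    core = re.sub(r"[\d\W_]+$", "", password)  # drop trailing digits and punctuation
    return core.lower().translate(LEET)


def audit(password, names=()):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than eight characters")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    # Assumption: require at least three of the four character classes.
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        findings.append("fewer than three character classes")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("on the common-password list")
    word = base_word(password)
    if word in DICTIONARY or word in {n.lower() for n in names}:
        findings.append("dictionary word or name with a predictable variation")
    return findings


if __name__ == "__main__":
    # "Jordan" is a constructed user name supplied for the name check.
    for candidate in ["password", "P@ssw0rd1!", "Jordan7", "Let'sHireAct1F1"]:
        print(candidate, "->", audit(candidate, names=["Jordan"]) or "no findings")
```

Note that a candidate such as `P@ssw0rd1!` satisfies the length and character-mix rules and is flagged only by the variation check, which is why the dictionary test matters alongside the complexity rules.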

KEEP SECURITY UPDATED

Some security suites, including Norton Internet Security 2010, build in auto-passwords. Independent advisers running their own shops should settle for nothing less than a top-of-the-line security suite. And the key is to keep it updated. Advisers should select a top suite over individual security products because a suite's anti-virus features are designed to work seamlessly with its other core components, such as its firewall.

Neil Rubenking, PC Magazine's lead analyst for operating systems and security, constantly tests these products. He recently selected Norton Internet Security 2010 as the best suite on the market, representing a good balance for users. In his tests, the suite caught plenty of malicious content, viruses, spyware and spam, yet affected computer performance only slightly. “That's because it does its work when your computer is idle,” not while you are processing a lot of client data, he explained.

Charles Meyer, proprietor of Meyer Advisory Services, who takes the security of client data quite seriously, has two personal computers in his office to store client data and keeps both isolated from the Internet. “Rootkits and keyloggers [among other threats] are good reasons not to keep client information on a computer connected to the Internet,” Mr. Meyer wrote in an e-mail, referring to two common ways hackers breach a computer.

A rootkit consists of spyware and other programs that a hacker uses to monitor a person's online use and keystrokes. It creates a “backdoor” into the system and allows the attacker to mask the intrusion and gain root or privileged access to the computer. Keylogging programs gain unauthorized entry to your computer, enabling hackers to record all your keystrokes, including passwords — all while you are unaware that your actions are being monitored.

While unplugging from the Internet works for Mr. Meyer, this may not be the most practical way for advisers to lock down their systems. For that, security software solutions may be a better bet.

E-mail Davis D. Janowski at [email protected].
