You might think the most common breaches of cybersecurity are from hackers who have devised a complex way to sneak onto your network through the “back door.” But the truth is, most business-related cybercrime is the result of employees unlocking the “front door” and inviting thieves in with seemingly innocent, everyday activities.
By surfing the Web, opening personal email or downloading information, images, games, videos and software, you and your staff could be hanging a welcome sign out for cybercriminals looking for an opportunity to access client data and assets, according to Cody Siebert, a financial professional with Siebert & Briggs Wealth Management Advisors in Rosenberg, Texas, and the special interest group chief for the financial sector of Houston InfraGard Alliance.
Developed by the Department of Homeland Security, InfraGard is a partnership between the FBI and volunteers representing businesses, academic institutions, law enforcement agencies and other organizations. Members collaborate and share information to help prevent hostile acts against the United States. InfraGard recruits members like Siebert who have specific knowledge and skills that could benefit its security efforts.
“The largest cause of a cyberbreach or a hacking breach is actually the employees of the firm themselves,” Siebert said. “That’s your highest risk. Because they assume going onto this website or that website wouldn’t be harmful. So what we have to do as financial professionals is really get firm and say, ‘You as an employee cannot go to any website unless it’s on the list of what we have approved. Period.’”
When visiting websites, downloading information or opening emails, a staff member may unintentionally introduce a virus, malware or spyware that can allow a hacker access to your network.
Employees may also believe it’s harmless to read and respond to personal email on their personal cellphone or tablet while at work. But if they’re logged onto the office Wi-Fi, they could be creating an opening for thieves to sneak past your security measures.
“If they want to do something personally, even going to their own personal email can breach the entire firm,” Siebert said. “They should not be allowed to do that. Don’t even let them use the Wi-Fi in your office to get on their personal device, because all of that is breachable.”
It’s always wise to password-protect your office Wi-Fi. If your staff would like to access personal information or the Internet, consider setting up a computer that isn’t connected to your office network for use during break times. Each year, staff members should sign a digital security policy as proof they understand your firm’s rules governing the use of technology.
Some simple, effective security measures you can put into practice immediately include setting computers to log off automatically after 15 minutes of inactivity and requiring all users to change their passwords every 60-90 days. Siebert recommends passwords include at least 10 characters.
“Anything eight characters or less can be hacked within 30 seconds or less with a free download program from the Internet,” she said.
Although it hasn’t happened yet, it’s only a matter of time before hackers develop a way to access your clients’ standing instructions and change a bank routing number to divert funds to another account, Siebert said. To ensure you’re not the first to fall victim to this type of theft, she recommends routinely verifying clients’ account numbers to make sure they haven’t been unknowingly changed.
Another easy step you can take to protect your clients is to simply get to know them better. By interacting with them more frequently, you and your staff will be able to recognize their voice when they call in to request a transaction.
“If the assistant doesn’t know that client’s voice, do not accept a withdrawal request,” she said. “Because some accounts may already have standing instructions to just send cash; nothing needs to be signed. Unless that assistant knows that’s the actual person on the other end of the phone, don’t accept the order. Call that person back and confirm it.”
As more and more business is conducted online and hackers continue to develop more sophisticated means for accessing sensitive information and pilfering funds, it’s vital for everyone in your office to stay informed of the latest threats and the measures they should take to protect your business and its clients.