Protect Yourself with Routine Security Audits

A routine security audit is a systematic assessment of the security of a company’s information system, measuring how well it complies with a set of criteria. A comprehensive audit normally assesses the security of the system’s physical setup and environment, software, material handling processes, and user activities.

Why it’s important: As your wealth management team, part of our service to you involves mitigating the risk of financial loss. We frequently discuss loss of income due to disability, loss of wealth due to taxes or missed opportunities, but what about the risk of financial loss as the result of identity theft? What would happen if your home were burglarized, your computer stolen, or your smartphone lost? Most people only consider these risks when first setting up a device or network and rarely, if ever, revisit the subject.

The bottom line is that cybercrime damages will cost the world $6 trillion annually by 2021, which is double the $3 trillion price tag from 2015.  This threat continues to evolve and grow.  At the very least, identity theft or other cybercrimes can be time-consuming and frustrating to resolve.  In worse cases, victims incur financial loss and their credit may be damaged.  The old adage applies here: an ounce of prevention is worth a pound of cure.

Often, the task of securing our technology seems daunting because of fear that we lack the needed technical knowledge.  Even the most tech-savvy people can become helpless in the event of a cyberattack or technology loss.   You can take steps to protect yourself by following these recommended safety guidelines and performing these “cyber” housekeeping measures on a routine basis.

Routine Security Audits & Standard Operating Procedures

Routine security audits aid in the protection of sensitive data, the identification of security flaws, the creation of new security protocols, and the monitoring of the efficacy of security initiatives. Regular audits enable personnel to follow best practices so that new security vulnerabilities are discovered. Keep on reading for our most important routine security audit tips.

Password Criteria

Of course, we must start here, as passwords are an integral part of connected life. They are also usually the weakest link in your security fence. Passwords should meet the following criteria:

  • Make sure it is longer than 6 digits, such as a short phrase
  • Mix upper and lowercase letters, numbers, and at least one symbol
  • For example: Winteri$comings00n! or theF!$hareBiting@MilleLacs 

You should also avoid using the same password for multiple applications.  In addition, aim to aggressively limit the sharing of credentials.

Use a Password Keeper

Many applications require frequent password changes for your protection.  You might be thinking, how am I supposed to constantly invent new passwords that I can remember, while following these guidelines?  There is a solution: it’s called a password manager.

Yes, web browsers like Chrome, Firefox, or Internet Explorer have integrated password managers, but these are not ideal for a few reasons. First, the browsers often store your password files on the computer in unencrypted form. Secondly, browser password managers don’t have the added features of multi-factor authentication or generation of complex random passwords. Most frustrating of all, they may have problems syncing across platforms. For example, Mozilla Firefox cannot sync to iOS devices.

A password manager works by allowing you to set up a personal profile with a Master Password.  Once you visit a website, the software will ask if you want to store the credentials.   Choose a program that can be loaded onto all of your devices for continuity and convenience.  For example, if you update a password on your PC, the password keeper will update it on all devices.  A good password keeper can help generate random passwords and store them for extra security with easy login.

You can choose a desktop-based or a cloud-based manager. While some users have qualms about their passwords being stored in an encrypted, cloud-based vault, a desktop-based application will store the passwords locally on your device. If the device is lost or destroyed, you also lose your stored passwords. Be sure to choose a manager that encrypts the storage vault on the local computer or in the cloud, to ensure an additional layer of protection from hackers.

Electronic Signatures

Contrary to prevailing beliefs, electronic signatures are the safest way to transact business remotely. If you are signing documents that contain any of your personal information, electronic signatures are the most secure. Remote signing software uses a two-prong authentication approach, records the IP address of anyone who accesses or signs the document, and generates a seal of authenticity.

Inventory your Devices

There are a couple of ways to assess the various risk exposures in your home. First, start a spreadsheet or list of all of your devices.  Write down the model and serial number information, as well as all users and any device passwords. Don’t forget smart TVs, Roku or gaming devices, Fitbits, baby monitors, and ancillary technology such as printers or scanners. This information will be critical in filing an insurance claim in the event of a theft.

The second tool you can use to inventory devices is your Wi-Fi router software. If you haven’t already registered, do so and log in, then note which devices are connected, signed-in, or otherwise contain sensitive data.  Be sure you can identify all devices connected to your network, and change your Wi-Fi password frequently.  You can also create different channels for home entertainment and business using most router software.  Segmenting your networks and applying different passwords for each can allow some users access to entertainment or school computing, while requiring a different password to access highly sensitive data which might be kept on a work computer.
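For readers comfortable running a short script, the comparison between the written inventory and the router's connected-device list can be automated. The following Python example was added here and is not part of the original article; the CSV layouts, the `mac` and `segment` columns, and all sample rows are constructed assumptions, since every router exports its device list differently.

```python
import csv
import io

# Constructed sample: the device inventory list saved as CSV. The "mac" and
# "segment" columns are assumptions added so rows can be matched to the router.
INVENTORY_CSV = """device,model,serial,mac,segment
Family PC,Example Tower,SN-0001,AA:BB:CC:00:00:01,Home
Smart TV,Example TV 55,SN-0002,AA-BB-CC-00-00-02,Home
Printer,Example Jet,SN-0003,aabb.cc00.0003,Home
Work Laptop,Example Book,SN-0004,AA:BB:CC:00:00:04,Work
"""

# Constructed sample: connected-device list copied from a router admin page.
ROUTER_CLIENTS_CSV = """hostname,mac,network
family-pc,aa:bb:cc:00:00:01,Home
living-room-tv,AA:BB:CC:00:00:02,Home
android-5f3a,DE:AD:BE:00:00:99,Home
work-laptop,aa:bb:cc:00:00:04,Home
"""


def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def reconcile(inventory_csv, clients_csv):
    """Compare the written inventory with what the router reports as connected."""
    inventory = {normalize_mac(row["mac"]): row
                 for row in csv.DictReader(io.StringIO(inventory_csv))}
    seen = {normalize_mac(row["mac"]): row
            for row in csv.DictReader(io.StringIO(clients_csv))}
    return {
        # Connected, but not on the list: identify it or remove it from the network.
        "unknown": [(c["hostname"], c["mac"]) for m, c in seen.items() if m not in inventory],
        # On the list, but not connected right now: switched off, sold, or missing.
        "offline": [d["device"] for m, d in inventory.items() if m not in seen],
        # Connected to a different network than the inventory says it belongs on.
        "misplaced": [(inventory[m]["device"], inventory[m]["segment"], c["network"])
                      for m, c in seen.items()
                      if m in inventory and inventory[m]["segment"] != c["network"]],
    }


if __name__ == "__main__":
    for finding, items in reconcile(INVENTORY_CSV, ROUTER_CLIENTS_CSV).items():
        print(finding, items)
```

With the sample data, the script reports one device the inventory does not know about, one listed device that is not connected, and the work laptop sitting on the home network instead of its own segment.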

Inventory Users & Storage

Who in your home has access to your devices?  If you have roommates, children, a nanny or assistant, or if you share devices, it is important to ensure that your data is properly stored.   For precious items like photos, consider using an external hard drive in addition to encrypted cloud-based storage.  For tax-returns, statements, or other highly personal data, you may want to consider encrypting your hard drive.  At the very least, apply a password to the document itself, or place sensitive documents into partitioned folders that cannot be accessed without the correct credentials.   Never store sensitive items on your device without a password or encryption.

Delete, delete, delete!

Once your important files are secure, a path is cleared for frequent cleaning without worry.  Delete your junk mail, old emails, old documents, and duplicate files.  Many hackers gain control of your data by email.  They trick you into clicking on a link or opening a file that unleashes harm into your system, sometimes without your knowledge.   Delete all junk email and spam, and frequently purge old email.

Educate all users

Set aside some time to make sure all device users understand the safety protocols: don’t share passwords, sign out of your devices after using, and never, ever click on anything unless you know the sender and can be sure the link or file is safe. A Google search for “Cyber safety videos for kids” can help you in educating your children about internet safety. Imagine a scenario where your child accidentally clicks on a link that looks like something innocent, only to unleash a virus onto your family PC. In many cases, these types of hacks could be avoided by spending a little time making sure everyone in the household understands the risks and protocols. A great list for parents can be found here: Take a Byte Out of Cyber Crime

Routine Device Maintenance

In addition to deleting old files and emails frequently, perform system updates and application updates regularly.  These updates continually patch security exposures in the software.  Anti-virus and anti-malware software are also essential helpers in keeping your browsing arena safe.  Run the security scans as often as recommended, and any time you suspect anything unusual.

Contingency Plan

Scrambling to recover your life after a device is stolen, destroyed, or otherwise dies can be a lot less stressful if you have a plan ready to deploy.  If you’ve created a technology inventory as described above, you are already on track to creating a sound contingency plan.   Having a password manager will also ease the burden, as you can log in using the master password to retrieve the remainder of your login credentials.

While you should generally keep your credentials private for security reasons, spouses should provide a safe location where they record their master passwords.  In the event one spouse dies or becomes disabled, hospitalized, or otherwise incapacitated, their spouse will know how to access the various websites where financial or other important data may be needed.   For unmarried people, consider storing your master password with your attorney, financial advisor, or trusted family member.

Consider two scenarios in drafting your contingency plan:  incidence of a hack and incapacitation or death.  Being prepared in the event your technology is stolen is just as important as preparing your loved one for the convenient retrieval of any important information should something happen to you.

Routine Security Audit Checklist for your Home Network

Complete Every 90 Days

  • Delete old emails and unused files.
  • Back up your devices to your external hard drive or cloud backup service.
  • Change the Wi-Fi network password.
  • Reset your Password Manager master password.
  • Review your firewall and router settings.
  • Run security scans for anti-virus / anti-malware and a system cleaner to remove temporary files and clear caches.
  • Review contingency plan, update if needed.
  • Review technology inventory, update if needed to add new devices or remove old ones.
  • Check to see if your email was involved in a data breach at haveibeenpwned.com. If you locate your email in a breach, be sure to change the password for any of those companies, or disable your credentials altogether.

The internet is a great place to start in learning about the aspects of home cyber safety that may be unfamiliar to you.  Windows, Google, and all applications or browsers generally have safety and privacy sections that can be explored.  In addition, there are professional companies that will audit your home or work network to identify and correct security risks for a fee.

There are a lot of risks to navigate in life. The increasingly “online” nature of business, entertainment, and personal relationships makes it impossible to completely partition your personal, private information from your online presence. Choosing to stay offline isn’t much of an option these days. Along with the convenience and speed the internet offers come opportunities for loss and exposure. By taking some time to prepare when things are all working well, you can be in a better position to bounce back quickly in the event of an attack.

If you’re considering working with us here at Mosaic, we invite you to learn more about who we serve and how we help them. You can also contact us with any questions you have.

By Sheila Evans | Practice Coordinator of Mosaic Financial Associates & Orthopaedist Advisory Group | Non-Producing Registered Representative | Securities and advisory services offered through Cetera Advisors LLC, Member FINRA/SIPC, a broker/dealer and a Registered Investment Advisor.  Cetera is under separate ownership from any other named entity.