Information Security

In 2017, Equifax had a data breach. EQUIFAX.

You know, the credit bureau that knows everything about your financial data? The company that you would assume had the most bulletproof information security and processes? That Equifax.

The breach exposed roughly 147 million US consumers’ sensitive information, including social security numbers, birthdates, and addresses. This breach woke up a lot of people, but it was hardly an uncommon event.

In fact, check this out:

The above shows a map of the largest data breaches and hacks over the past 20 years. I bet you have interacted with quite a few companies on this list. It is worth clicking through the link on the image to see for yourself.

Here’s some cold, hard truth: Your information is likely already on the dark web through no fault of your own.  

If that’s true, what do you do?

The information the bad guys want is your Personally Identifiable Information (PII). This includes things like:

  • Names: legal name, maiden name, mother’s maiden name

  • Important identification numbers: Social Security #, driver's license #, passport #, license plate #, taxpayer #

  • Your addresses: current address, email address, telephone number.

  • Financial data: account numbers, credit card numbers, tax records, bank numbers

  • Employment information: work history, employee ID #s

Here's how I operate: I assume my PII is already compromised, because it likely has been. Then, I put all my focus into defense — I think you should do the same.

Here’s how to play defense.

1) Monitor your credit and transactions

Sign up for a credit monitoring service. The free monitoring services are good (like CreditKarma.com), but be aware they will be pitching you their paid service plans or trying to get you to sign up for a new credit card through them or their affiliates. If you can ignore those advances, go with free. Or you can pay for a credit monitoring service and avoid the sales pitches.

The services will alert you if someone pulls your credit history, applies for a loan, or opens new accounts under your name. This is valuable.

2) Follow good digital habits

  • Be skeptical. If someone is demanding you do something fast, be skeptical. If it seems off, it probably is. Run it by the people you trust (like us, for example).

  • Use strong passwords and always turn on 2 factor authentication. This is the defense they say “wins championships”. This simple step thwarts many ways bad people can do bad things with your data.

  • Use secure methods to transfer PII data.

    • Not very secure - email/text/carrier pigeon

    • More secure - encryption

    • Most Secure - end-to-end encryption

Here’s a helpful way to think of data security.

You want to send your friend a secret message, but your friend lives in a different city. The secret message is all your PII data. You want to make sure no one else gets it. Here are the three options you have.

  1. You write your secret message on a piece of paper and mail it to them. Anyone could steal your letter, at any point along the way, and get your secret information. That is like sending PII through email or a text.

  2. You write the secret message on a piece of paper, then scramble it with a code, mail it, and give your friend the secret code to put the message back together. That is encryption.

    The biggest problems with encryption are: how much do you trust the mail man, and how good is your code?

  3. You write the secret message on a piece of paper, scramble it with a code, and then you mail it in small chunks with 100 different mail men. Your friend receives the message fully intact, and unscrambles it with the code. That is end-to-end encryption.

The best way to get access to encryption is by using trusted providers with high standards.

Here’s how Harding Wealth is going to help you play defense.

Monitoring and transaction checks:

  • If we get an email or text from you with a cash flow related request, we are going to always pick up the phone and call you at the number we have on file. We do this to verify your voice and the request. We may even hop on a Zoom or Facetime call to verify your voice, face, and the request if something seems off.

  • We serve as a second set of eyes on your investment accounts and the transactions within them. We understand your cash flow needs and plan. If we see something that doesn’t make sense, we will call you. One advantage of being a small firm is knowing our clients and their details well. If a firm gets too big it is difficult to catch these types of things. Today, Harding Wealth serves about 120 client households.

Following good digital habits:

  • Adam and I are both natural skeptics. Don’t believe me? Try selling us an MLM investment, IUL insurance policy, or an expensive fund.

  • At our firm, we use strong passwords and 2 factor authentication.

  • Harding Wealth uses tools and software that we feel give our clients the best experience possible and provide us with cutting edge insight and service.

    For instance, you can securely link your bank to your investment accounts, which allows you to send money back and forth between the two, with just a few clicks, in a secure manner. This is done digitally through a company called Plaid. Plaid has worked with 11,000+ banks & financial institutions to create a direct, end-to-end encrypted process for linking your financial accounts.

  • We do our very best to make sure we are sending and receiving PII data in the most secure way possible. We use trusted service providers that have high standards for transferring important data securely. Some of these providers include:

    • Box: for receiving confidential PII data including statements, policies, estate information, account information etc.

    • Holistiplan: for receiving and processing tax returns.

Avoiding scams:

We are always available to be your fraud or scam investigators.

Here’s the formula most common scams try to use:

  • catch you off guard

  • create urgency

  • convince you to keep it a secret

  • get you to wire money to solve the made-up problem.

Adam and I have both helped clients not fall victim to elaborate fraud schemes. Both schemes followed the above formula.

Before you ever wire money, run it by us as your scammer backup. Inform us of the circumstances and details of the transaction. It can save some real heartache.

A final thought

I get the feeling of wanting to go back to an analog world. But the reality is that world had plenty of problems, too.

It is easy to lose sight of how much productivity, ease, and convenience we have gained by transitioning to a digital world. Don’t believe me?

Find your nearest Gen Z’er, wrap your arm around them, and explain how you used to pay bills. Do it something like this - bills get mailed to your house, you make a big stack, then you pay each one individually by pulling out your checkbook, writing a check, and sending that check back in the mail. And you’d do this for each bill, every single month.

Now enjoy the face they make.

The tradeoff for digitization is vulnerability — so let’s try to minimize the downside of that.


That’s all for now.

David Young
Advisor + Certified Financial Planner™
Harding Wealth
