Investment risk management is ultimately about protecting and growing your assets over your time horizon. This involves addressing the aspects of your investment program that can be controlled and then minimizing your exposure to what cannot be controlled. Information Technology (IT) risk management is also about protecting your financial assets.
The majority of cyber-attacks have one purpose – to steal your money. The culprits may seek access to your credit card, bank account, or investment account numbers. Or, they may infect your system with viruses to gain control of your computer and encrypt all of your files, then charge you a ransom to allow you to regain control. Along the way, they may also hijack your contact information and use it to attack your unsuspecting acquaintances.
Managing these risks is accomplished by educating ourselves on vulnerabilities, taking steps to eliminate preventable risks, and reducing exposure to those external risks that are out of our control. Given the growing importance of information technology in our lives, both personally and in business, we felt that a joint article on cybersecurity could help readers improve their overall risk management practices.
While the origin of Ben Franklin's quote - "An Ounce of Prevention is Worth a Pound of Cure" - was to address the risk of a fire, it is a worthy motto for all risk management disciplines. Yet when it comes to IT security, trying to figure out how to get that ounce of prevention can be daunting.
Here are three simple steps you should take to control what you can with respect to your cybersecurity:
- DO NOT DELAY OPERATING SYSTEM The frequent requests to update your operating system from Microsoft, Apple, or Google may seem like an annoyance, but they may also be an opportunity to snuff out the match before it starts a fire. Vulnerabilities in operating systems can be a dangerous source of breaches in cybersecurity, and operating system updates often include patches for known vulnerabilities. When a notification to update your operating system appears on your personal computer or mobile phone, take the time to perform the update as soon as possible. The time spent waiting for your device to update and restart may be that ounce of prevention you need to avoid an attack.
- CHECK YOUR PROTECTION Personal computer security software, also known as antivirus or anti-malware software, is another important ounce of prevention for your cybersecurity. There have been significant advances in the technology involved in combating cyber-attacks, including automatic updating for new known threats and even artificial intelligence-based programs that detect when programs are performing actions that they should not. Likewise, credit monitoring services can help you detect whether your personal information is being misused. The costs of this software and these monitoring services are quite small relative to the risks they help you avoid, so periodically review what you are using and what is available to ensure that you are well-protected.
Related to this point are other tools to protect your personally identifiable information, including strong passwords and multi-factor authentication. Simple passwords tied to information that can be easily discovered, such as your birthday or address, may be easier to remember but they are also easier for cybercriminals to figure out. Using more complex passwords (including having symbols in the password) or a passphrase (such as I like chocolate ice cream!) can improve the chances of protecting yourself from an attack. For many of us, it is difficult to remember complex passwords, so a password manager can be a useful tool, since it allows you to get access to all of your passwords stored in the manager by remembering just one password. Finally, tools like multi-factor authentication, which may include both a strong password and the answer to a personal question or some other proof that you are the person typing on the keyboard, such as biometrics (thumb print or facial recognition), also strengthen your protection.
- THINK BEFORE YOU CLICK (AND SHARE). The greatest difficulties that many people have in trying to avoid preventable IT security risks are their own time and You find it convenient to connect to public wi-fi to get access to your email. You get an email that is unusual but might be from someone or some company you know. You are asked to click on a link with an address that is just a little off of what it should be (like amazon.com instead of amazon.com). A busy day, a quick glance, an errant click is all that it takes to facilitate entry into your system and exposure of your personal information. Tip #1: do not use public wi-fi as it can be a source of vulnerability. Tip #2: take the time and have the focus to look closely at what you are opening and what links you are following. These steps can go a long way towards protecting your cybersecurity.
The number and growth of cyber-attacks, as well as the costs to individuals, businesses, and organizations, are truly alarming. However, you may feel that the risk of a cyber-attack is low for you because you or your business is not really a target. However, cybercriminals often attack vulnerabilities rather than individuals through the use of scanning tools that scan Internet connected computers. A few ounces of prevention can go a long way towards reducing those vulnerabilities and improving the security of your financial assets.
Sources: JOHN G. ROMAN, JR., CIO- THE BONADIO GROUP and JEFFREY S. COONS, PH.D., CHIEF RISK OFFICER—HIGH PROBABILITY ADVISORS
For more information, please click here.
FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.
Subscribe to receive new articles and resources from our information risk management experts directly in your inbox as soon as they're available.