Cybersecurity
Protecting your financial information
As technology advances, so do the avenues used by criminals to target victims. Cyber-criminals are increasingly targeting investors and attempting to exploit the relationship with their financial advisors. These cyber-criminals either contact advisors impersonating a client, or contact clients impersonating their advisor. Savant Investment Group is dedicated in keeping our client’s personal information safe. If you receive a call from Savant, and you don’t recognize the voice, we suggest that you call us back at our main number 415-926-7200. Also, recognize that
We will never request any of this information through an email or phone call:
Full Account Number
Full Social Security Number
Any password or PIN information
Other formal identifications such as
- Passport numbers
- Driver's license number
- Date of Birth
Please notify us immediately if you suspect:
Your personal data has been lost or stolen
Your email has been compromised or you have been a part of a data breach at another company
Any of your financial accounts have been compromised
Any money movement in your account you did not authorize
Finally, we will double check with you if we suspect any potential unauthorized request (such as an email asking for a transfer of funds). We apologize in advance if it seems like we’re being overly cautious, but in truth, we can’t be overly cautious.
We have also outlined ways you can protect yourself from various types of cybercrimes below.
Email Protection
Email = Post Card
Always treat emails as you would a post card. Avoid sharing any key personal identifying information (such as your social security number, account numbers, or driver’s license number) in an email or attachment. If you must send this type of information, communicate that sensitive information verbally or password protect the attachment if possible. It is also good practice to establish separate email accounts for personal correspondence and financial transactions.
Delete it
Permanently delete any emails that include detailed financial or personal identifying information from your inbox and sent folders. Preserving emails beyond the time their needed in your email account can potentially allow a cyber-criminal to review, piece together your personal information and gain access to your accounts. If you need to keep these emails, use a secure data storage program outside of your inbox to archive critical data.
Think twice
Never click on links in an unsolicited email. Oftentimes, these are scams to get to you a fake website (setup to look like the real one) allowing a cyber-criminal to access your personal information.
Password Protection
Diversify
Just as Savant diversifies your portfolio, you should diversify the passwords you use for your financial accounts versus social media websites. Don’t use the same password on every website. If you do, a cyber-criminal could easily use that password on all websites you use and gain access to all your accounts and information simultaneously.
Strength in numbers
Having a strong password, a password that contains at least 12 letters, numbers and punctuation characters makes it harder for these cyber-criminals to get into your accounts.
Consider using a password manager such as LastPass, 1Password, or Dashlane. These types of sites create, store and manage strong passwords for sites you log into and update them as needed without you having to worry about remembering which password goes to what site and updating it. Here are a couple of tips to creating passwords and remembering them.
Try this
Create a base password and set a standard rule for yourself in password creation.
Example: If you choose your base to be “wxyz”, you can add “FIN” for any financial websites you use and add a number and/or punctuation anywhere in the password. In this example, you could end up with “wxyz&FIN23!!” or “2wxyzFIN&3!!” as a password that is strong and difficult to guess.
Or this
Be creative. Think of a special phrase that you will always remember and construct a password using the first letter of each word in that phrase.
Example: “I want to go to Europe in winter!” could become “1w2g2Eiw!!”
Challenge your answers
Many websites provide you with security-challenge questions when you sign up on their site to help protect your account and assist you in remembering your password. Just note, these are also widely used by cyber-criminals. Your Facebook or Twitter page may hold all the answers a cyber-criminal needs to gain access. Your simple defense is to consciously select security challenge questions where the answers cannot be gained through social media or other online channels.
Multiply the security layers
Many financial institutions, as well as email providers, now offer multi-factor authentication. Basically, this added layer of protection on your online accounts protects you in case your password is compromised. When enabled, your financial institution or email provider will send you a text message with a random pass-code each time you log in to their website. This will stop a cyber-criminal in his tracks. He may have your password, but without access to the random pass-code that is sent to the device you physically have, he is unable to gain access to your account. Check out Two Factor Auth to see if any of your providers offer multi-factor authentication.
Social Media Protection
Be socially responsible
Status updates, photos, and comments can reveal more about you than you intended to disclose. Think before you share personal information online. Cyber-criminals widely use this information to piece together information about you and potentially gain access to your accounts. Remember, anything you post online is now public information, so post consciously.
Time your online vacations wisely
While it is tempting to “Check-in” while vacationing on social media, sharing your exact time and location online can be used by cyber-criminals. It’s best practice to avoid announcing upcoming trips online and only share vacation memoirs after you have returned home.
Background Geolocation
As mentioned before, sharing your location can be harmful, but most social media sites can post your location automatically if that data is available. This function is most likely enabled on your mobile device to interact with a social network. The safest way to check is in the settings of the applications and network on your devices and make sure location services are disabled.
Web Surfing Protection
Make sure you are on the right site, not one pretending to be
When typing a website’s address or URL, always double-check what you typed before hitting the <Enter> key. Some malicious websites prey on mistyped URLs and create a mocked version of the real website to fool you into entering your credentials.
Spotting the fake
Consider asking yourself these questions:
1. Does the site look weird? Are the colors off? Is the logo distorted or grainy?
Oftentimes, this may mean you are not on the legitimate site of the website you are trying to reach.
2. How did you get to this site? Through a link in an email or social media?
Links in unsolicited emails or social media sites should not be trusted, instead, type in the address of the website and find the page you are looking for on your own.
3. Is the website you visited in the past, now asking for personal information?
This should be a red flag.
4. For secured sites, does the address contain https:// ? Does the lock icon and or green shading show up in the address bar?
If none of these are apparent, do not enter any user ID, password or personal information on that site. Instead close your browser, clear all cache and relaunch and type in the address manually.