Cybersecurity best practices in the current environment

Submitted by john.warren on June 18, 2020

Hi everyone. I'm Adam Moseley. I'm a member of Schwab's Technology, Operations and Cybersecurity Consulting Team. And like you, I'm working from home today.

Now, working from home is nothing new to our organization. It's nothing new to many of your organizations. However, having an entire workforce working from home, I think is something that is entirely new for many advisor organizations. So with that in mind, I'm here today to share a number of timely cybersecurity tips and best practices, along with pointing you towards a number of resources that we've created that are all designed to help you strengthen your cybersecurity efforts within each of your firms.

Now, first and foremost, and perhaps the most important thing that I have to share with you today, is the importance of your people in this equation. Many in leadership might think of their people as the weak link in their fight against cybercrime. And I'm here to tell you that with the right training, the right education, awareness, empowerment, you can take what you think is your weakest link, and you could turn it into your best, and your first, and your front line of defense in your fight against cybercrime, and in doing so, create an incredibly adaptive human firewall that will be better at protecting your firm than any technology you could ever deploy.

Don't make the mistake of thinking of cybersecurity as an information technology matter. It is as much a human resources matter. And maybe the best way to think about this is that the chances of your people being targeted is far more likely than your infrastructure being targeted. So as you think about where to make your next investment with respect to cybersecurity, let it be on your people and let it be on creating a culture of cybersecurity within your firms. Now, I want to talk about the importance of email, or what I call a cyber public enemy number one, or what I think is the greatest cybersecurity threat that exists today for registered investment advisors. Nearly every single advisor data incident that we see tracks back to a single inbound email into an advisor's organization. As users, we tend not to hesitate to click on a link, or to open an attachment, or to respond to requests for really sensitive information or a transaction in a client's account. And we would encourage you to be very suspect of email. In fact, maybe go so far as to treat email as if it's guilty until you prove that it's innocent.

We're in the midst of a bit of a perfect storm right now, as you think about email. With users working from home, some of us are in more of a relaxed environment, while others are in an environment where there's far more distractions, and whatever the case, means our defenses are down. Next, email communication or reliance on electronic communications is way up. And that just means, that the likelihood of things falling through the cracks is far higher. And then, lastly, know that the fraudsters are taking advantage of the situation that the pandemic has created. They're preying upon our interests, our curiosity, our anxiety. We're seeing phishing schemes that seemingly are coming from WHO or the CDC, or might even contain pandemic heat maps. So encourage your users to be very careful as you think about email. Now, for those users that are remoting in from home, it's important that some basic technical safeguards are in place for those users, particularly those that are using personally owned computing devices. We want to make sure that those devices are up to date with the most current operating system, and that operating system is updated with the most recent security patches. Also, too, we want to ensure that proper antivirus is running on those machines, that the antivirus, itself, has been updated. We want to make sure that the ability to remotely copy information from a work desktop and paste it onto a personal desktop has been disabled. And you should be using a virtual private network or a VPN, as well, to encrypt the communications that are happening over the internet using that computer.

And then, lastly, but maybe most importantly here, you want to make sure that you have enabled multifactor or two-factor authentication for every web-based platform that your firm may use, and this includes Schwab Advisor Center. In the event, your credentials are ever compromised, it's use of multifactor, that might be the only thing that keeps the fraudsters out of your online accounts. Now, I mentioned a number of tools and resources that we've created for you. Those can all be found on our Cybersecurity Resource Center on And the very best practices I shared with you today, along with many others, are available to you on our COVID-19 resource hub. And then, lastly, something we're very excited about is the launch of our Virtual Practice Management offering, where you have the ability to take part in our Practice Management programs without ever leaving your office.

Should you have any questions about anything that we've talked about, please contact your relationship manager, who can help you navigate the resources that I've mentioned here today. Thank you.

Show Social Media
Include in Schwab Investing Insights email alerts