Cybersecurity Best Practices

Submitted by sally.tanner on August 3, 2020

Hi, everyone. I'm Adam Moseley. I'm a member of Schwab's Technology Operations and Cybersecurity Consulting Team, and I'm here today to share a number of timely cybersecurity tips and best practices, along with pointing you towards a number of resources that we've created that are all designed to help you strengthen your cybersecurity efforts within each of your firms.

Now, first and foremost, and perhaps the most important thing that I have to share with you today is the importance of your people in this equation. Many in leadership might think of their people as the weak link in their fight against cybercrime. And I'm here to tell you that with the right training, the right education, awareness, empowerment, you can take what you think is your weakest link, and you could turn it into your best, and your first, and your front line of defense in your fight against cybercrime, and in doing so, create an incredibly adaptive human firewall that will be better at protecting your firm than any technology you could ever deploy.

Don't make the mistake of thinking of cybersecurity as an information technology matter. It is as much a human resources matter, and maybe the best way to think about this is that the chances of your people being targeted is far more likely than your infrastructure being targeted. So as you think about where to make your next investment with respect to cybersecurity, let it be on your people and let it be on creating a culture of cybersecurity within your firms.

Now, I want to talk about the importance of email or what I call cyber public enemy number one, or what I think is the greatest cybersecurity threat that exists today for registered investment advisors. Nearly every single advisor data incident that we see tracks back to a single inbound email into an advisor's organization. As users, we tend not to hesitate to click on a link, or to open an attachment, or to respond to a request for really sensitive information or a transaction in a client's account. And we would encourage you to be very suspect of email. In fact, maybe go so far as to treat email as if it's guilty until you prove that it's innocent.

Now, for those users that are remoting in from home, it's important that some basic technical safeguards are in place for those users, particularly those that are using personally owned computing devices. We want to make sure that those devices are up to date with the most current operating system, and that operating system is updated with the most recent security patches. Also, too, we want to ensure that proper antivirus is running on those machines, that the antivirus, itself, has been updated. We want to make sure that the ability to remotely copy information from a work desktop and paste it onto a personal desktop has been disabled, and you should be using a virtual private network, or a VPN, as well, to encrypt the communications that are happening over the internet using that computer.

And then, lastly, but maybe most importantly here, you want to make sure that you have enabled multifactor or two-factor authentication for every web-based platform that your firm may use, and this includes Schwab Advisor Center. In the event your credentials are ever compromised, it's use of multifactor that might be the only thing that keeps the fraudsters out of your online accounts.

Now, I mentioned a number of tools and resources that we've created for you. Those can all be found on our Cybersecurity Resource Center on And then, lastly, something we're very excited about is the launch of our Virtual Practice Management offering, where you have the ability to take part in our Practice Management programs without ever leaving your office. 

Should you have any questions about anything that we've talked about, please contact your relationship manager, who can help you navigate the resources that I've mentioned here today. Thank you.


Show Social Media
Include in Schwab Investing Insights email alerts