00:00:06 – VERNESA HARPER:
My role is dedicated to keeping you and your firm aware of fraud and cybersecurity threats that you may encounter. Being the victim of cybercrime is a frightening and a stressful experience. And when your client's information is exposed, time is of the essence to help minimize the impacts to your clients.
Today, I'm going to highlight some of the common data incidents and cyber risk events, and I'll discuss how you can work with Schwab if your firm has to respond to one of these situations.
Let's review four common data incidents and cyber risk events that we've seen impacting our advisors. Microsoft Office 365 email compromise. And for this particular data incident, the point of compromise is usually phishing. You or a firm employee receives an email appearing to be from a trustworthy source. You click on a link or download an attachment. The outcome is a bad actor is able to gain access to your email.
We've also seen ransomware attacks, where a bad actor is able to gain access to your firm's server files through an unpatched system. The files are downloaded or encrypted.
In addition, we've seen advisor device compromise. And this happens when you or someone at your firm clicks on a link or downloads an attachment in a phishing email or visits a fraudulent website. Then malware is installed on the device, which allows a bad actor to record keystrokes, capture passwords, and review unprotected spreadsheets.
And, lastly, you may encounter physical loss of information, such as a stolen laptop where you have clients' data and files stored.
It's critical that you let us know as soon as possible when your firm experience one of these scenarios because we may be able to assist with heightened security measures.
Like you, Schwab has a vested interest in your clients' security. And we treat the safeguarding of client information as our top priority.
To learn more information about how you can work with Schwab, please visit the Cybersecurity Resource Center and review the advisor data incidents and cyber risks requirements resource. Also look for information on the Cybersecurity Resource Center to help you build and strengthen the cybersecurity program at your firm.
In case you review the data incidents and cyber risk requirements video first, I would like to encourage you to review the phishing video. This video will provide you with examples of phishing attacks that fraudsters use that can lead to an advisor data incident and cyber risk event.