It was my pleasure to speak at a recent Charles E Smith Life Communities event with a host of other fantastic professionals earlier this month. (https://www.smithlifecommunities.org/event/cyber-security-for-professionals-how-to-maximize-data-security-and-client-protection/ ) While the topic was nominally on cybersecurity, fraud, and protecting yourself online, the broader narrative was around elder care and protecting our aging population.
One of the things that I love about attending these types of events, speaking, or being on panels is the ability to learn from others and be exposed to different points of view. My colleagues at the event: Sarah Kaplan from Kaplan Financial Group, Mike Volk from PSA Insurance, and Howard Tischler of EverSafe provided diverse perspectives on how we can protect ourselves, our businesses, and our families with a particular focus on helping those that are most vulnerable.
Interestingly, this theme resonated well with one of the major goals of HCAM (https://www.healthcareaccessmaryland.org/), the board that I am a member of. This concept of "protecting our most vulnerable citizens" most definitely applies to the Internet, cybersecurity, and the elderly. Fraud is abundant online - and getting worse.
So with that being said, let me share a bit about what I've learned and topics that I am investigating and learning more about. Please keep in mind that this is not my main area of expertise and I, much like you may by, am in the mode of learning more and seeing what smart things I might do to help out my family, friends, and those around me.
1 - Mapping the new context into a familiar one
So one of the first things that I tend to do (for better or worse) is to map what I'm hearing and relate it to topics that I am familiar with. For example, mapping financial fraud to broader data loss or data breach concepts and mapping online account access back to role based access controls. For me, being able to relate new advise or recommendations back to other topics and areas helps to provide context and gives me a way to start thinking about how best to move forward.
One other example on this topic is the idea of "hands-on" user behavioral analytics. So UEBA/UBA essentially uses machine learning and large data sets to map normal user behaviors and activities. Once it is tuned and running, unusual or anomalous activities are flagged as being out of character for the user and responses can be triggered. One of the benefits of having a financial advisor that knows you is that they get to understand how you operate, they can more easily identify odd or unusual activities, and they can much more easily verify that "you are you" due to the personal relationship. Even with sophistical tools on the backend of these large brokerages, having a personal relationship can be significant in reducing fraud. Thus a personal UBA wrapped in the guise of a trusted advisor!
2 - Look into freezing your credit
This was a very specific recommendation and take away from the event. What's funny is that in so many areas none of the advice that we hear is that earth shattering so much as "hmmm, yeah that makes sense." This is one of those topics that is so intuitive, but has somehow gotten lost in the daily chaos of life. The FTC had some helpful information on this one: https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs If you don't need it at the moment, freeze it.
3 - Explicitly block online access to accounts you aren't using
Another excellent point that came out of the event was to look at explicitly blocking the creation of online accounts that aren't required or needed. Think of the risk this way - if you have a bank or investment account and decide to not use online banking, a bad actor could still use your personal information, impersonate you, and open an online account to access your finances. So even if you eschew online banking or don't trust yourself to secure your online accounts, your account could still be vulnerable to online fraud. Given my comfort with technology, this is not something that I personally have dealt with, but it does make sense for some members of my family. I will be looking deeper into this option in the near future and seeing what options are available. While not all companies support this option, many do have options to help secure general account and online access.
4 - Never transfer money without personally confirming the information
This one I was aware of ahead of time, but the key points were emphasized during our discussions. The concern here goes something like this: a business partner has their email compromised (unbeknownst to them) by a bad actor. This person might not do anything with the information per se, they might just lurk, read emails, and look for an opportunity. Then, when a situation comes up such as a client needing to send a huge deposit for some real estate they strike by sending an email to the victim from the compromised email account and pointing the money to a new bank account. Once the money is transferred its gone. A similar variation on this fraud is using the same compromised account to send out invoices to clients for actual work that was done, but sending payments (again) to a different and fraudulent bank account.
5 - Surround yourself with solid trusted advisors
The last point for now is this - build up a strong network of smart trusted advisors that you can rely on for information and guidance. We can't be experts in all areas, but we can try to acknowledge our limitations and reach out to those contacts that are more informed than we are for advice. I know that I do this on a daily basis at WaveGard and I try to promote similar good behaviors in my personal life. Keep reaching out, forming, and strengthening these resources to build up a powerful network to help guide your decisions.
So, we are always learning and hopefully getting better bit by bit when it comes to protecting ourselves, our clients, and those around us. I look forward to seeing what tomorrow will bring and how I can better act on those pearls of wisdom that I learned from today.
