This is the first in a series of articles on the systems and processes The Planning Center (TPC) uses to protect the security of our client data and assets.
You have a virus…
…Well, actually it is your computer that is “sick.” An infection can happen innocently enough. You open an email from a trusted friend and click on a link to download an attachment. That’s all there is to it. Now a virus hides inside the depths of your computer waiting to monitor your activities and steal your confidential information.
Here is a sobering reality: even with all of the protective measures The Planning Center takes—there is no guarantee that you will not become a victim. Why?
The easy answer (and the most honest) is that the weakest link in the chain of security measures protecting you from online criminals is…you.
The threat of cyber crime is serious—and growing every day. Credit card hacking, identity theft, phishing (sending fake emails that look legitimate to trick the recipient into revealing confidential information), and other forms of cyber-attacks are growing not only in number but in severity as well. A recent estimate of the annual cost to the global economy from cyber crime is more than $400 billion.1
To address the growing problem, back in June 2000, the Securities and Exchange Commission (SEC) adopted the “safeguards rule” requiring every SEC-registered investment advisor to adopt written policies and procedures that address “administrative, technical, and physical safeguards for the protection of customer records and information.” The purpose of the safeguards is to:
- Insure the security and confidentiality of customer records and information.
- Protect against any anticipated threats or hazards to the security or integrity of customer records and information.
- Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.
The objective of most cyber-attacks is essentially the same: to gain access to your personal data and assets. In the simplest terms, the scammer wants/needs information they can use to separate you from your money. The Planning Center takes all of these factors into consideration in planning and implementing its cyber-security policy.
The Planning Center cyber-security program, in collaboration with our custodians, builds on the foundation of our compliance with Securities and Exchange Commission (SEC) regulatory standards. To that foundation, we add our own security process. It includes education, technology, training, and multiple layers of preventive measures to keep your data safe and your money protected.
Computer security is not a static goal.
It is a constantly moving target requiring numerous defenses and multiple layers of protection. Obviously, any single method of computer security can be vulnerable to and compromised by an attack. Layered security uses a series of security measures, each protecting against a different type of attack—and all working collectively together.
Here is an overview of the layers of security that The Planning Center has in place to protect the safety and security of your money and data.
- The Planning Center utilizes Domain Name System (DNS) Filtering, a cloud-based service similar to a phone book for the internet. This provides a first line of defense by ingesting millions of data points to verify the accuracy of web traffic and providing content filtering.
- The Planning Center uses a firewall system to provide monitoring of incoming and outgoing network traffic. In addition, this provides secure virtual private network (VPN) connections to our systems when accessed by us remotely and serves as the second line of defense in our data security system
- The Planning Center utilizes several web-based tools to manage its third layer of protection. All email coming into TPC runs through our GFI filtering system, which scans for viruses, phishing attempts, and spam email. In addition, we use malware and virus detection systems that are updated hourly to protect the devices on our network and remove any malicious software.
- The fourth layer of protection is for all of the computers connected to TPC’s system to be monitored for any patches or updates that need to be run. This allows any new security enhancements to be installed, and make certain there are no vulnerabilities due to aging equipment and software.
- The fifth and final layer and, as indicated in my earlier paragraph, the most important, is user training and knowledge. Our IT consulting firm provides training to TPC staff periodically on best practices. In addition, the custodians we use (as well as industry organizations) provide us with ongoing best practices to implement.
At the end of the day, our goal at The Planning Center is not merely to meet compliance standards, but to exceed them and constantly update and upgrade our cybersecurity program to protect your data and your money. Because one of the most important components of your cybersecurity involves your online habits and behavior, in the next issue of The Planning Center News, we will cover what you can do to protect yourself from being a victim of malicious hackers and scammers.
1McAfee Center for Strategic and International Studies.
Email him at: firstname.lastname@example.org.