Cybersecurity and You

This is the first in a series of articles on the systems and processes The Planning Center (TPC) uses to protect the security of our client data and assets.  


You have a virus…

…Well, actually it is your computer that is “sick.” An infection can happen innocently enough. You open an email from a trusted friend and click on a link to download an attachment. That’s all there is to it. Now a virus hides inside the depths of your computer waiting to monitor your activities and steal your confidential information.

Here is a sobering reality: even with all of the protective measures The Planning Center takes—there is no guarantee that you will not become a victim. Why?

The easy answer (and the most honest) is that the weakest link in the chain of security measures protecting you from online criminals is…you.

The threat of cyber crime is serious—and growing every day. Credit card hacking, identity theft, phishing (sending fake emails that look legitimate to trick the recipient into revealing confidential information), and other forms of cyber-attacks are growing not only in number but in severity as well. A recent estimate of the annual cost to the global economy from cyber crime is more than $400 billion.¹

To address the growing problem, back in June 2000, the Securities and Exchange Commission (SEC) adopted the “safeguards rule” requiring every SEC-registered investment advisor to adopt written policies and procedures that address “administrative, technical, and physical safeguards for the protection of customer records and information.” The purpose of the safeguards is to:

  1. Insure the security and confidentiality of customer records and information.
  2. Protect against any anticipated threats or hazards to the security or integrity of customer records and information.
  3. Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

The objective of most cyber-attacks is essentially the same: to gain access to your personal data and assets. In the simplest terms, the scammer wants/needs information they can use to separate you from your money. The Planning Center takes all of these factors into consideration in planning and implementing its cyber-security policy.

The Planning Center cyber-security program, in collaboration with our custodians, builds on the foundation of our compliance with Securities and Exchange Commission (SEC) regulatory standards. To that foundation, we add our own security process. It includes education, technology, training, and multiple layers of preventive measures to keep your data safe and your money protected.

Computer security is not a static goal.

It is a constantly moving target requiring numerous defenses and multiple layers of protection. Any single method of computer security can be vulnerable to, and compromised by, an attack. Layered security uses a series of security measures, each protecting against a different type of attack, and all working together.

Here is an overview of the layers of security that The Planning Center has in place to protect the safety and security of your money and data.

  • The Planning Center utilizes Domain Name System (DNS) filtering, a cloud-based service. DNS itself works like a phone book for the internet; the filtering service provides a first line of defense by ingesting millions of data points to verify the accuracy of web traffic and by providing content filtering.
  • The Planning Center uses a firewall system to monitor incoming and outgoing network traffic. In addition, it provides secure virtual private network (VPN) connections to our systems when we access them remotely, and it serves as the second line of defense in our data security system.
  • The Planning Center utilizes several web-based tools to manage its third layer of protection. All email coming into TPC runs through our GFI filtering system, which scans for viruses, phishing attempts, and spam email. In addition, we use malware and virus detection systems that are updated hourly to protect the devices on our network and remove any malicious software.
  • The fourth layer of protection is for all of the computers connected to TPC’s system to be monitored for any patches or updates that need to be run. This allows any new security enhancements to be installed, and makes certain there are no vulnerabilities due to aging equipment and software.
  • The fifth layer and, as indicated in my earlier paragraph, the most important, is user training and knowledge. At TPC, it is our goal to stay at the forefront of cybersecurity so that we may continue to protect our clients, their data, and their money. In striving to do so, TPC has adopted Endpoint Detection and Response (“EDR”) as another layer of cybersecurity protection. Endpoints, or devices that are connected to TPC’s network such as laptops, televisions, and cameras, are attractive targets to potential bad actors. These nefarious intruders can infect an endpoint and sit quietly, at times for weeks, while spreading throughout the network and preparing for an attack. TPC’s EDR now continuously monitors the behavior of those endpoints for any type of abnormality outside of historical behavior for each device. This gives TPC the ability to identify potential threats at their inception and isolate that endpoint in our network in real time, thus not allowing the potential threat to spread.
  • The final layer of cybersecurity that TPC has adopted is the use of Multifactor Authentication (“MFA”) for all our critical systems. This added layer of security forces TPC personnel to log in to systems not just by entering a username and password, but also a second time using a unique multi-digit code randomly generated through a phone app or text message to confirm the identity of the individual attempting to log in before allowing access to that system. This helps us protect clients and their information in the event that a bad actor is attempting to use TPC systems to access client information directly through TPC.

At the end of the day, our goal at The Planning Center is not merely to meet compliance standards, but to exceed them and constantly update and upgrade our cybersecurity program to protect your data and your money. Because one of the most important components of your cybersecurity involves your online habits and behavior, in the next issue of The Planning Center News, we will cover what you can do to protect yourself from being a victim of malicious hackers and scammers.

¹ McAfee Center for Strategic and International Studies.

Eric Kies, CFP®, is a Partner/Sr. Financial Planner in the Quad Cities office of The Planning Center, a fee-only financial planning and wealth management firm.

Email him at: eric@theplanningcenter.com.