Ep. 91 Best Cybersecurity Practices to Guard Your Finances
THE FINANCIAL COMMUTE

On this week’s episode of THE FINANCIAL COMMUTE, host Chris Galeski invites Chief Compliance Officer Menachem Striks to discuss cybersecurity measures you should take to protect yourself and your money.

Here are some key takeaways from their conversation:

• Menachem advises listeners to create complex, unique passwords (15 to 20 characters) for their accounts. Avoid using the same password for multiple accounts: if one account is compromised, others can be jeopardized, too.

• Password managers can help generate and store complex passwords. Apple’s new iOS 18 update includes a built-in password manager.

• Menachem suggests enabling two-factor authentication for accounts with sensitive information.

• Be cautious with emails and phone calls to avoid phishing scams. Trust your gut instinct if you sense something is off. Make sure email addresses are legitimate before replying, and limit how often you pick up calls from unknown numbers. If you do pick up, try answering with a simple "hello" or staying silent initially to determine if the call is genuine.

• Stay aware of new phishing techniques and scams, especially as AI continues to develop.

• Morton consistently runs tests to ensure our internal network is secure and conducts comprehensive research on vendors we work with who have access to client information. We also train employees through phishing tests and are always staying on top of developments in the cybersecurity space.

 


Hello, everyone, and thank you for joining us for another episode of the Financial Commute. I'm your host, Chris Galeski, joined by Chief Compliance Officer Menachem Striks. Menachem, thank you for joining us. We're here to talk about probably one of your favorite topics, cybersecurity, AI fraud, all of the crazy things that are happening out there to, you know, clients and people.

It's just such a scary world.

We're going to try to put everybody in a good mood this morning.

Well, I think, you know, there's a lot of people that always ask the questions, you know, hey, how are you protecting us? Or what can I do to protect myself? And we're hearing more and more stories of people's bank accounts getting compromised.

You know, some people have heard stories about, you know, mailing a check to the IRS and then getting taken at the post office and washed clean and fraud being done that way. But, you know, protecting yourself online is a very important thing to do because we are all very vulnerable, especially if we're not using complex passwords and different passwords for all these different accounts, or even changing them from time to time.

I can only imagine how vulnerable people get, even through the phishing and email scams that have gotten pretty good.

Yeah, yeah, it's definitely, you know, we see it in the news almost every day now and it can get kind of scary. The level of sophistication that some of these frauds or scams we're seeing out there. The good news is I think you mentioned there's a few sort of good ways or good steps that people can take to go a long way to protect themselves.

You mentioned passwords. That's kind of the number one step to take is making sure that you're using complex, unique passwords. That's a big one, right? You don't want to reuse your same password across a bunch of different platforms. And then if it gets compromised in one place now you're exposing your banking or other credentials.

Because likely our personal information is sort of already out there because of the Blue Cross Blue Shield Act or AT&T or whatever, right?

But it's really if your information is out there and then they have access to your password, that's where you're really vulnerable. So let's talk a little bit more about, you know, protecting yourself from a password because people say 'complex password.' But now with AI and large language models, we're hearing that a 7 or 8, potentially even nine digit password is not enough.

So complex means how many characters?

Yeah. I think what we're saying to be conservative, we tell people at least 15, maybe even 20, which seems extreme. And I think the only way to really handle that is through some technology that we, we like and we recommend. This is called a password manager. And what that is, is essentially you remember one very complex password that you hopefully don't lose or get compromised.

And that protects your vault of all your passwords. And it can automatically generate a unique, complex password for each account that you use. And this way, each of your accounts is kind of segregated online where if one gets exposed, it doesn't expose keys to the kingdom.

So it might be a heavy lift at the onset to kind of go through all those websites and banking information and usernames and passwords, but to go reset everything, then you've got it and you're, you're more protected that way.

Yeah. And for those Apple fans out there, I don't know if you've seen Apple just released their new iOS platform that has a password manager app included as well. So that's something that Apple users can definitely take advantage of, hopefully coming soon.

I'm glad that you said that. I mean, having one password or a password manager can help save time and energy and help better protect you.

I know in dealing with family members that you know are aging. So my grandmother's 90. She clicks on every link that she shouldn't and her... she's always being asked to change her password and going to something like 1Password or Keeper helps us manage that remotely from always having to be there. So I know that that's even helpful from that standpoint too.

What's your take on dual factor authentication?

Yeah, that's another, you know, security measure that we definitely recommend. As much as possible, any account that's got your sensitive information should have a dual factor. The way to think about that is, you know, you want to combine something you know with something you have. Right?

So your password is something you know, but then you also have your cell phone. And so... or whatever authentication method you're using. So that makes your account that much more secure if you're combining those two methods.

Yeah. Like even Schwab, Fidelity and a lot of other companies that we deal with, they've been leveraging these dual factor authentication.

Like I'm going to send you a code, you know, enter this, you know, six digit code. I'm going to send it to you by text or email because they want to verify that that's the person that they're talking to. Some clients recently and we've heard stories about, you know, people's voice or image might have been compromised, leading to fraud.

I think there was some, you know, fake version of a CFO that was on a Zoom call and verbally authorized a transfer. Some of the things that people need to do to better protect themselves is make sure that their privacy settings for a number of those websites or social media websites is protected.

So that way it doesn't become public domain. We've also heard stories about, you know, people getting elaborate schemes through phone calls that, you know, tend to scare you. What's your advice for people that kind of get drawn in, whether it's a phishing email or a phone call that turns into a scam?

Yeah. I think the first thing I would say is trust your gut.

If something seems like it's kind of off or weird, just hang up, you know, call back whoever purports to be calling you. But really, I think we're so used to, you know, thinking intellectually, sometimes we forget to trust our visceral reaction. And if something seems strange, like trust that gut instinct that you have.

And then, yeah, we eventually, like, call back somebody on a known number. Don't click on links like, you know. Yeah, hopefully we learned that lesson through all these phishing tests or scams that we've been through.

Yeah. I mean these phishing emails, these scam emails are starting to look very, very real. So we have to be careful. Hover over the email address, make sure that it looks like a legit email address. If you're still concerned, make a phone call instead of just replying or clicking on links. I know lately I've been answering the phone much different than I used to.

I used to answer the phone. Now I'm so worried about protecting my name and my voice and who I am when I get a phone call from an unknown number, I just answer, hello? Or I'm quiet for the first few seconds to try to see if it's a scammer.

We also wanted to talk about some of the things that we're doing here as an organization to better protect our clients. So obviously, you know, we've got Schwab and Fidelity that have their dual factor authentication when we're, you know, dealing with clients there. We also have dual factor authentication on all of our different platforms. So when we're accessing client sensitive data, we need to have our phone nearby to access those websites.

What are some other things that we're doing to help protect our clients?

Sure. So a lot of it is behind the scenes working with our IT partners running tests and scans in the background to make sure that our internal network is secure. We also do a lot of research and diligence on our counterparty. So vendors that we work with might have access to our client information.

We want to ask them a lot of questions to make sure that they've got the right controls in place, right. If we're sharing sensitive information with them, we want to make sure that it's not exposed through their systems. And then the biggest piece, I think, is just our employee training. You can have the best secure networks in the world, and all it takes is human error to, you know, let something get past you.

And so we're continually training people. We do a lot of phishing testing where we'll send out an email that kind of looks a little fishy. And if somebody clicks on it, then they get a little mark that says, you've been caught. You might have to go through some extra training. But really that's, you know, sort of the behind-the-scenes testing, researching and diligence on our counterparties and then just the training, continuously trying to stay on top of the developments in this space.

I know we're taking it very seriously. We get alerts and notifications when, you know, clients are transferring money or wires are being sent. And we do as much as possible to make sure that clients are protected. And we're only linked to bank accounts that they have authorized. We're still recommending, though, that people go to, you know, the TransUnion and Equifax and put a freeze on their credit to best protect them.

That way, no new lines of credit can be opened up.

So I think that's just a good sort of safeguard to have in place. You'll find out real quick if someone's trying to get access to your credit or your personal profile.

Yeah. And as this world that we have kind of gets more complex with AI and protecting ourselves online, we're continuing to look for, you know, business partners or people that we can partner with to help protect ourselves and our clients better. And so we're looking into service offerings like that. There's a lot going on in that space right now.

We're just trying to, you know, stay ahead of the game and sort of keep abreast of all the developments. But yeah, definitely looking into, you know, some ways that we can help our clients with cybersecurity.

Just to kind of summarize, I know we talked a lot, but just to summarize, because not all of our clients are forced to change their passwords as often as we are in the financial services industry.

Take a look at one of those password managers, whether it's Keeper, 1Password, or if you have a new Apple device, their new password manager. Try leveraging that, but make sure to go into all of your various accounts and get a more complex password. Something longer than seven, eight, or nine characters because you may be at risk there.

So you recommend what, 15 to 20 characters. And that's why a password manager might make your life a little bit easier, because you won't have to remember all of those different ones. You'll just have to remember the complex one for the password manager. Some cybersecurity experts actually recommend having a separate email address just used for your personal banking.

So that way you're not using your personal email address. That way it's best protected. Please be careful with any scams or phishing emails. It's getting very, very good out there. If there's ever any doubt, just stop what you're doing. Call us. Call 911. Call somebody to better protect yourself. And then as best as possible, if you're moving money, please verify those instructions.

Disclosure: Information presented herein is for discussion and illustrative purposes only. The views and opinions expressed by the speakers are as of the date of the recording and are subject to change. These views are not intended as a recommendation to buy or sell any securities, and should not be relied on as financial, tax or legal advice. You should consult with your financial, legal, and tax professionals before implementing any transactions and/or strategies concerning your finances.